National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:wireshark:wireshark:1.4.5::~~~~itanium~
There are 41 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-14438

In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

Published: July 19, 2018; 08:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-6836

The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Published: February 08, 2018; 02:29:01 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-17997

In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.

Published: December 30, 2017; 02:29:00 AM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-17935

The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.

Published: December 27, 2017; 12:08:22 PM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-6014

In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.

Published: February 17, 2017; 02:59:00 AM -05:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2012-4296

Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.

Published: August 16, 2012; 06:38:09 AM -04:00
    V2: 3.3 LOW
CVE-2012-4293

plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.

Published: August 16, 2012; 06:38:08 AM -04:00
    V2: 3.3 LOW
CVE-2012-4292

The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Published: August 16, 2012; 06:38:08 AM -04:00
    V2: 3.3 LOW
CVE-2012-4291

The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Published: August 16, 2012; 06:38:08 AM -04:00
    V2: 3.3 LOW
CVE-2012-4290

The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.

Published: August 16, 2012; 06:38:08 AM -04:00
    V2: 3.3 LOW
CVE-2012-4289

epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.

Published: August 16, 2012; 06:38:08 AM -04:00
    V2: 3.3 LOW
CVE-2012-4288

Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.

Published: August 16, 2012; 06:38:08 AM -04:00
    V2: 3.3 LOW
CVE-2012-4285

The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.

Published: August 16, 2012; 06:38:08 AM -04:00
    V2: 3.3 LOW
CVE-2012-4049

epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.

Published: July 24, 2012; 03:55:03 PM -04:00
    V2: 2.9 LOW
CVE-2012-4048

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.

Published: July 24, 2012; 03:55:00 PM -04:00
    V2: 3.3 LOW
CVE-2012-3826

Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.

Published: June 30, 2012; 06:15:05 AM -04:00
    V2: 3.3 LOW
CVE-2012-3825

Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392.

Published: June 30, 2012; 06:15:05 AM -04:00
    V2: 3.3 LOW
CVE-2012-2394

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.

Published: June 30, 2012; 06:15:05 AM -04:00
    V2: 3.3 LOW
CVE-2012-2393

epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.

Published: June 30, 2012; 06:15:05 AM -04:00
    V2: 3.3 LOW
CVE-2012-2392

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.

Published: June 30, 2012; 06:15:04 AM -04:00
    V2: 3.3 LOW