U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:wireshark:wireshark:1.4.2
There are 55 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2012-2392

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.

Published: June 30, 2012; 6:15:04 AM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2012-1596

The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt.

Published: April 11, 2012; 6:39:26 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-1595

The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.

Published: April 11, 2012; 6:39:26 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-1593

epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.

Published: April 11, 2012; 6:39:26 AM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2012-0068

The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small.

Published: April 11, 2012; 6:39:25 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0067

wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.

Published: April 11, 2012; 6:39:25 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0066

Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.

Published: April 11, 2012; 6:39:25 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0043

Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets.

Published: April 11, 2012; 6:39:25 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2012-0042

Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.

Published: April 11, 2012; 6:39:25 AM -0400
V3.x:(not available)
V2.0: 2.9 LOW
CVE-2012-0041

The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.

Published: April 11, 2012; 6:39:25 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4102

Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file.

Published: November 03, 2011; 11:55:01 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4101

The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.

Published: November 03, 2011; 11:55:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-3360

Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.

Published: September 20, 2011; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-3266

The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree.

Published: August 23, 2011; 8:55:00 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2011-2698

Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.

Published: August 23, 2011; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-2597

The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.

Published: July 07, 2011; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-2175

Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read.

Published: June 06, 2011; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-2174

Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression.

Published: June 06, 2011; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1959

The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read.

Published: June 06, 2011; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1958

Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file.

Published: June 06, 2011; 3:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM