U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:wireshark:wireshark:1.10.6:*:*:*:*:*:*:*
There are 40 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-26575

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

Published: October 06, 2020; 11:15:15 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-14438

In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

Published: July 19, 2018; 8:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-6836

The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Published: February 08, 2018; 2:29:01 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-17997

In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.

Published: December 30, 2017; 2:29:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-17935

The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.

Published: December 27, 2017; 12:08:22 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-6014

In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.

Published: February 17, 2017; 2:59:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2015-3814

The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Published: May 26, 2015; 11:59:08 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-3812

Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.

Published: May 26, 2015; 11:59:06 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2015-3811

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.

Published: May 26, 2015; 11:59:05 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2191

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.

Published: March 07, 2015; 9:59:05 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2189

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

Published: March 07, 2015; 9:59:03 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.

Published: March 07, 2015; 9:59:02 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0564

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.

Published: January 09, 2015; 9:59:42 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0563

epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: January 09, 2015; 9:59:41 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0562

Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.

Published: January 09, 2015; 9:59:40 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0561

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.

Published: January 09, 2015; 9:59:39 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0560

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: January 09, 2015; 9:59:38 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0559

Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.

Published: January 09, 2015; 9:59:38 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8714

The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Published: November 22, 2014; 9:59:05 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8713

Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: November 22, 2014; 9:59:05 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM