U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 60 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2016-6505

epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.

Published: August 06, 2016; 7:59:02 PM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-6504

epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.

Published: August 06, 2016; 7:59:01 PM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4421

epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.

Published: April 30, 2016; 9:59:07 PM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4418

epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.

Published: April 30, 2016; 9:59:04 PM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4417

Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.

Published: April 30, 2016; 9:59:03 PM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4085

Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.

Published: April 25, 2016; 6:59:10 AM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4082

epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.

Published: April 25, 2016; 6:59:07 AM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4081

epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Published: April 25, 2016; 6:59:06 AM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4080

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Published: April 25, 2016; 6:59:05 AM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4079

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

Published: April 25, 2016; 6:59:04 AM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4078

The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.

Published: April 25, 2016; 6:59:03 AM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4006

epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.

Published: April 25, 2016; 6:59:00 AM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-2532

The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.

Published: February 27, 2016; 11:59:10 PM -0500
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-2531

Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.

Published: February 27, 2016; 11:59:09 PM -0500
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-2530

The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.

Published: February 27, 2016; 11:59:08 PM -0500
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-2523

The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Published: February 27, 2016; 11:59:02 PM -0500
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 7.1 HIGH
CVE-2016-2521

Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.

Published: February 27, 2016; 11:59:00 PM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2015-8733

The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.

Published: January 04, 2016; 12:59:23 AM -0500
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-8732

The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Published: January 04, 2016; 12:59:22 AM -0500
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-8731

The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Published: January 04, 2016; 12:59:21 AM -0500
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM