Total
692 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0668 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-11-03 | N/A | 6.5 MEDIUM |
|
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
|
|||||
| CVE-2023-0667 | 1 Wireshark | 1 Wireshark | 2025-11-03 | N/A | 6.5 MEDIUM |
|
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark
|
|||||
| CVE-2023-0666 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-11-03 | N/A | 6.5 MEDIUM |
|
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
|
|||||
| CVE-2023-0417 | 1 Wireshark | 1 Wireshark | 2025-11-03 | N/A | 6.3 MEDIUM |
|
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2023-0416 | 1 Wireshark | 1 Wireshark | 2025-11-03 | N/A | 6.3 MEDIUM |
|
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2023-0415 | 1 Wireshark | 1 Wireshark | 2025-11-03 | N/A | 6.3 MEDIUM |
|
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2023-0413 | 1 Wireshark | 1 Wireshark | 2025-11-03 | N/A | 6.3 MEDIUM |
|
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2023-0412 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-11-03 | N/A | 6.3 MEDIUM |
|
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2023-0411 | 1 Wireshark | 1 Wireshark | 2025-11-03 | N/A | 6.3 MEDIUM |
|
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2022-4345 | 1 Wireshark | 1 Wireshark | 2025-11-03 | N/A | 6.3 MEDIUM |
|
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2022-4344 | 1 Wireshark | 1 Wireshark | 2025-11-03 | N/A | 6.3 MEDIUM |
|
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2022-3190 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-11-03 | N/A | 6.3 MEDIUM |
|
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2022-0586 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2025-11-03 | 7.8 HIGH | 6.3 MEDIUM |
|
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2022-0585 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2025-11-03 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
|
|||||
| CVE-2022-0583 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2025-11-03 | 5.0 MEDIUM | 6.3 MEDIUM |
|
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2022-0582 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2025-11-03 | 7.5 HIGH | 6.3 MEDIUM |
|
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2022-0581 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2025-11-03 | 5.0 MEDIUM | 6.3 MEDIUM |
|
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2021-4190 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-11-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2021-4186 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-11-03 | 5.0 MEDIUM | 6.3 MEDIUM |
|
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2021-4185 | 4 Debian, Fedoraproject, Oracle and 1 more | 5 Debian Linux, Fedora, Http Server and 2 more | 2025-11-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2021-4184 | 4 Debian, Fedoraproject, Oracle and 1 more | 5 Debian Linux, Fedora, Http Server and 2 more | 2025-11-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2021-4182 | 3 Fedoraproject, Oracle, Wireshark | 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more | 2025-11-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2021-4181 | 4 Debian, Fedoraproject, Oracle and 1 more | 5 Debian Linux, Fedora, Http Server and 2 more | 2025-11-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2024-4855 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-08-07 | N/A | 3.6 LOW |
|
Use after free issue in editcap could cause denial of service via crafted capture file
|
|||||
| CVE-2022-3725 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2025-05-09 | N/A | 6.3 MEDIUM |
|
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2024-11595 | 1 Wireshark | 1 Wireshark | 2025-05-07 | N/A | 7.8 HIGH |
|
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2024-11596 | 1 Wireshark | 1 Wireshark | 2025-05-07 | N/A | 7.8 HIGH |
|
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
|
|||||
| CVE-2022-3724 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2025-04-22 | N/A | 6.3 MEDIUM |
|
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
|
|||||
| CVE-2016-7957 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.
|
|||||
| CVE-2017-11408 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.
|
|||||
| CVE-2017-11410 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.
|
|||||
| CVE-2017-5596 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.
|
|||||
| CVE-2017-17935 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
|
|||||
| CVE-2017-9354 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
|
|||||
| CVE-2017-7705 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.
|
|||||
| CVE-2017-6470 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness.
|
|||||
| CVE-2017-13764 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.
|
|||||
| CVE-2017-6472 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value.
|
|||||
| CVE-2017-7703 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.
|
|||||
| CVE-2017-9617 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
|
|||||