| CVE-2023-2906 |
|
Medium |
Aug 25, 2023 |
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a div
more...
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.
less...
|
v3.6.24, v3.6.23, v3.6.22, v3.6.20, v3.6.19, v3.6.18, v3.6.17, v3.6.16, v3.6.15, 4.0.7
|
| BDSA-2024-0756 |
|
Medium |
Mar 28, 2024 |
Wireshark is vulnerable to memory corruption due to a use after free issue in the T.38 dissector. An attacker could exploit this by tricking a victim u
more...
Wireshark is vulnerable to memory corruption due to a use after free issue in the T.38 dissector. An attacker could exploit this by tricking a victim user into processing a crafted capture file to cause instability within the application, corrupt memory, or potentially allow for further confidentiality, integrity, and availability impacts.
less...
|
|
| BDSA-2024-0423 |
|
Medium |
Feb 23, 2024 |
There is an integer overflow in Wireshark's implementation of [RFC9072](https://datatracker.ietf.org/doc/rfc9072/) on the `optlen` value. A remote atta
more...
There is an integer overflow in Wireshark's implementation of [RFC9072](https://datatracker.ietf.org/doc/rfc9072/) on the `optlen` value. A remote attacker that can cause Wireshark to process manipulated packets may be able to trigger this issue to cause denial-of-service (DoS).
**Note:** The vendor has disputed this issue, because they do not believe this issue has a security impact.
less...
|
|
| BDSA-2023-3687 |
|
Medium |
Feb 23, 2024 |
Wireshark contains a heap-based buffer over-read vulnerability in the `ws_manuf_lookup_str` function. An instance of Wireshark that processes malicious
more...
Wireshark contains a heap-based buffer over-read vulnerability in the `ws_manuf_lookup_str` function. An instance of Wireshark that processes maliciously crafted packets may be susceptible to this issue, which could be used to crash the application.
**Note:** The vendor has disputed this issue, because they do not believe this issue has a security impact.
less...
|
|
| BDSA-2023-1420 |
|
Medium |
Jun 07, 2023 |
Wireshark contains a heap-based buffer overflow vulnerability due to insufficient validation of input. An attacker could exploit this issue by passing
more...
Wireshark contains a heap-based buffer overflow vulnerability due to insufficient validation of input. An attacker could exploit this issue by passing a specifically crafted RTPS packet to the application which would result in the triggering of an application crash.
less...
|
|
| BDSA-2023-0857 |
|
Medium |
Apr 14, 2023 |
Wireshark is vulnerable to a denial of service (DoS) caused by malicious packet injection. An attacker could exploit this vulnerability by injecting ma
more...
Wireshark is vulnerable to a denial of service (DoS) caused by malicious packet injection. An attacker could exploit this vulnerability by injecting maliciously crafted packets onto the wire, or by tricking someone into reading a crafted packet capture which could lead to a long loop consuming excessive CPU resources. This could result in denial of service (DoS) or an application crash.
less...
|
|
| BDSA-2023-0856 |
|
Medium |
Apr 14, 2023 |
Wireshark is vulnerable to a null pointer exception caused by malicious packet injection. An attacker could exploit this vulnerability by injecting mal
more...
Wireshark is vulnerable to a null pointer exception caused by malicious packet injection. An attacker could exploit this vulnerability by injecting maliciously crafted packets onto the wire, or by tricking someone into reading a crafted packet capture which could result in an application crash.
less...
|
|
| BDSA-2022-3833 |
|
Medium |
Jan 25, 2023 |
Wireshark is vulnerable to memory corruption via a use-after-free in the EAP packet dissector. An attacker who can inject packets onto the wire or conv
more...
Wireshark is vulnerable to memory corruption via a use-after-free in the EAP packet dissector. An attacker who can inject packets onto the wire or convince a victim into opening a malicious packet capture file could cause denial-of-service (DoS) by crashing a victims application. It might also be possible for the attacker to impact data integrity and confidentiality within the application.
less...
|
|
