Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-6114

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-23 Nov, 2007 | 20:00
Updated At-07 Aug, 2024 | 15:54
Rejected At-
Credits

Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:23 Nov, 2007 | 20:00
Updated At:07 Aug, 2024 | 15:54
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/27777
third-party-advisory
x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1975
x_refsource_CONFIRM
http://secunia.com/advisories/29048
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/26532
vdb-entry
x_refsource_BID
http://www.wireshark.org/security/wnpa-sec-2007-03.html
x_refsource_CONFIRM
http://secunia.com/advisories/28564
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/485792/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://security.gentoo.org/glsa/glsa-200712-23.xml
vendor-advisory
x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2008-0059.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/28304
third-party-advisory
x_refsource_SECUNIA
http://securitytracker.com/id?1018988
vdb-entry
x_refsource_SECTRACK
http://www.debian.org/security/2007/dsa-1414
vendor-advisory
x_refsource_DEBIAN
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/28325
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:1
vendor-advisory
x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:001
vendor-advisory
x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2008-0058.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
vendor-advisory
x_refsource_SUSE
http://bugs.gentoo.org/show_bug.cgi?id=199958
x_refsource_MISC
http://secunia.com/advisories/28583
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3956
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/28197
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/28288
third-party-advisory
x_refsource_SECUNIA
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
x_refsource_CONFIRM
http://secunia.com/advisories/28207
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10708
vdb-entry
signature
x_refsource_OVAL
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/27817
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27777
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://issues.rpath.com/browse/RPL-1975
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/29048
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/26532
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2007-03.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/28564
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/485792/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://security.gentoo.org/glsa/glsa-200712-23.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0059.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/28304
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1018988
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.debian.org/security/2007/dsa-1414
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/28325
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:1
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:001
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0058.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=199958
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/28583
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/3956
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/28197
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/28288
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/28207
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10708
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/27817
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/27777
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://issues.rpath.com/browse/RPL-1975
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/29048
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/26532
vdb-entry
x_refsource_BID
x_transferred
http://www.wireshark.org/security/wnpa-sec-2007-03.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/28564
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/485792/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://security.gentoo.org/glsa/glsa-200712-23.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0059.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/28304
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securitytracker.com/id?1018988
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.debian.org/security/2007/dsa-1414
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/28325
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:1
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:001
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0058.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://bugs.gentoo.org/show_bug.cgi?id=199958
x_refsource_MISC
x_transferred
http://secunia.com/advisories/28583
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/3956
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/28197
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/28288
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/28207
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10708
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/27817
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27777
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-1975
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/29048
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/26532
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2007-03.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/28564
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/485792/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200712-23.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0059.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/28304
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1018988
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.debian.org/security/2007/dsa-1414
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/28325
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:1
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:001
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0058.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=199958
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/28583
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/3956
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/28197
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/28288
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/28207
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10708
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/27817
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:23 Nov, 2007 | 20:46
Updated At:15 Oct, 2018 | 21:50

Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Wireshark Foundation
wireshark
>>wireshark>>0.99
cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>0.99.0
cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>0.99.1
cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>0.99.2
cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>0.99.3
cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>0.99.4
cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>0.99.5
cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>0.99.6
cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugs.gentoo.org/show_bug.cgi?id=199958secalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/27777secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27817secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28197secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28207secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28288secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28304secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28325secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28564secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28583secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/29048secalert@redhat.com
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200712-23.xmlsecalert@redhat.com
N/A
http://securitytracker.com/id?1018988secalert@redhat.com
N/A
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004secalert@redhat.com
N/A
http://www.debian.org/security/2007/dsa-1414secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:001secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:1secalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0058.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0059.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/485792/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/26532secalert@redhat.com
Patch
http://www.vupen.com/english/advisories/2007/3956secalert@redhat.com
N/A
http://www.wireshark.org/security/wnpa-sec-2007-03.htmlsecalert@redhat.com
Patch
https://issues.rpath.com/browse/RPL-1975secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10708secalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.htmlsecalert@redhat.com
N/A
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=199958
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27777
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27817
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28197
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28207
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28288
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28304
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28325
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28564
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28583
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29048
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200712-23.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://securitytracker.com/id?1018988
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2007/dsa-1414
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:001
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0058.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0059.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/485792/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/26532
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.vupen.com/english/advisories/2007/3956
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2007-03.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://issues.rpath.com/browse/RPL-1975
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10708
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1723Records found
CVE-2011-0444
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.12% / 90.42%
||
7 Day CHG~0.00%
Published-12 Jan, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2994
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.03% / 76.36%
||
7 Day CHG~0.00%
Published-13 Aug, 2010 | 18:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3146
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.34% / 84.25%
||
7 Day CHG~0.00%
Published-02 Sep, 2008 | 14:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6112
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-4.17% / 88.23%
||
7 Day CHG~0.00%
Published-23 Nov, 2007 | 20:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6115
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-4.93% / 89.22%
||
7 Day CHG~0.00%
Published-23 Nov, 2007 | 20:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-3628
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-5.89% / 90.23%
||
7 Day CHG~0.00%
Published-18 Jul, 2006 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.

Action-Not Available
Vendor-ethereal_groupn/aWireshark Foundation
Product-etherealwiresharkn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2010-2995
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.64% / 90.82%
||
7 Day CHG~0.00%
Published-13 Aug, 2010 | 18:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2009-1210
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-34.47% / 96.85%
||
7 Day CHG~0.00%
Published-01 Apr, 2009 | 10:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2009-1266
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.47% / 63.44%
||
7 Day CHG~0.00%
Published-21 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2016-5359
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 40.27%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5356
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.81% / 73.19%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4417
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4416
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4920
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.35% / 56.65%
||
7 Day CHG~0.00%
Published-29 Jul, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4415
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 59.01%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4418
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.16% / 37.89%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers an empty set.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4079
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 45.50%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxOracle Corporation
Product-wiresharkdebian_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4006
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 41.92%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4080
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.36% / 57.22%
||
7 Day CHG~0.00%
Published-25 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4933
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.50% / 80.40%
||
7 Day CHG~0.00%
Published-29 Jul, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-5720
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.38% / 58.69%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2529
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.50%
||
7 Day CHG~0.00%
Published-28 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4081
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.26% / 78.59%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2531
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.43% / 79.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2522
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-28 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2532
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.43% / 79.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2530
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.43% / 79.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4077
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.06% / 76.74%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4079
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.84% / 73.69%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSE
Product-wiresharkopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4080
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.84% / 73.69%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3557
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.18% / 88.24%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2477
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSE
Product-wiresharkopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1588
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.51% / 65.34%
||
7 Day CHG~0.00%
Published-03 Feb, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1590
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.29% / 51.70%
||
7 Day CHG~0.00%
Published-03 Feb, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-13619
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.55% / 89.90%
||
7 Day CHG~0.00%
Published-17 Jul, 2019 | 19:18
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxCanonical Ltd.Fedora ProjectopenSUSE
Product-ubuntu_linuxdebian_linuxfedorawiresharkleapn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5240
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.98% / 75.75%
||
7 Day CHG~0.00%
Published-04 Oct, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4297
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-8.50% / 92.00%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Wireshark Foundation
Product-wiresharksunosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4294
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-3.42% / 86.97%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Wireshark Foundation
Product-wiresharksunosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2394
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-1.82% / 82.14%
||
7 Day CHG~0.00%
Published-30 Jun, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2284
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-3.04% / 86.14%
||
7 Day CHG~0.00%
Published-15 Jun, 2010 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8723
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.26% / 78.56%
||
7 Day CHG~0.00%
Published-04 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8726
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.97% / 75.70%
||
7 Day CHG~0.00%
Published-04 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1959
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.26% / 83.96%
||
7 Day CHG~0.00%
Published-06 Jun, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1591
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-77.80% / 98.96%
||
7 Day CHG~0.00%
Published-29 Apr, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0713
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.27% / 83.98%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0538
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-28.36% / 96.33%
||
7 Day CHG~0.00%
Published-08 Feb, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0024
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-1.17% / 77.77%
||
7 Day CHG~0.00%
Published-28 Mar, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4538
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-55.86% / 98.00%
||
7 Day CHG~0.00%
Published-07 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4300
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.44% / 93.32%
||
7 Day CHG~0.00%
Published-26 Nov, 2010 | 18:23
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2287
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-3.04% / 86.14%
||
7 Day CHG~0.00%
Published-15 Jun, 2010 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 34
  • 35
  • Next
Details not found