Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-3445

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-26 Nov, 2010 | 18:23
Updated At-07 Aug, 2024 | 03:11
Rejected At-
Credits

Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:26 Nov, 2010 | 18:23
Updated At:07 Aug, 2024 | 03:11
Rejected At:
▼CVE Numbering Authority (CNA)

Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
vendor-advisory
x_refsource_SUSE
http://www.vupen.com/english/advisories/2010/3093
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/43759
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/43068
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/43197
vdb-entry
x_refsource_BID
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
vendor-advisory
x_refsource_FEDORA
http://www.vupen.com/english/advisories/2011/0212
vdb-entry
x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607
vdb-entry
signature
x_refsource_OVAL
http://www.vupen.com/english/advisories/2011/0626
vdb-entry
x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2010:200
vendor-advisory
x_refsource_MANDRIVA
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445
x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/215900
third-party-advisory
x_refsource_CERT-VN
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2010/10/12/1
mailing-list
x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2011-0370.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2011/0719
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/42392
third-party-advisory
x_refsource_SECUNIA
http://www.wireshark.org/security/wnpa-sec-2010-12.html
x_refsource_CONFIRM
http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in
x_refsource_CONFIRM
http://secunia.com/advisories/42877
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
vendor-advisory
x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
vendor-advisory
x_refsource_FEDORA
http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/
x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2010-0924.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2011/0404
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0076
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/3067
vdb-entry
x_refsource_VUPEN
http://www.debian.org/security/2010/dsa-2127
vendor-advisory
x_refsource_DEBIAN
http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/42411
third-party-advisory
x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2010/10/01/10
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/43821
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.vupen.com/english/advisories/2010/3093
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/43759
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/43068
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/43197
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.vupen.com/english/advisories/2011/0626
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:200
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.kb.cert.org/vuls/id/215900
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2010/10/12/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0370.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2011/0719
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/42392
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2010-12.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/42877
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/
Resource:
x_refsource_MISC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0924.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2011/0404
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2011/0076
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2010/3067
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.debian.org/security/2010/dsa-2127
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/42411
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openwall.com/lists/oss-security/2010/10/01/10
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/43821
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.vupen.com/english/advisories/2010/3093
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/43759
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/43068
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/43197
vdb-entry
x_refsource_BID
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.vupen.com/english/advisories/2011/0212
vdb-entry
x_refsource_VUPEN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.vupen.com/english/advisories/2011/0626
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2010:200
vendor-advisory
x_refsource_MANDRIVA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445
x_refsource_CONFIRM
x_transferred
http://www.kb.cert.org/vuls/id/215900
third-party-advisory
x_refsource_CERT-VN
x_transferred
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2010/10/12/1
mailing-list
x_refsource_MLIST
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0370.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2011/0719
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/42392
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.wireshark.org/security/wnpa-sec-2010-12.html
x_refsource_CONFIRM
x_transferred
http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/42877
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/
x_refsource_MISC
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0924.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2011/0404
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2011/0076
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2010/3067
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.debian.org/security/2010/dsa-2127
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/42411
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openwall.com/lists/oss-security/2010/10/01/10
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/43821
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/3093
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/43759
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/43068
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/43197
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0626
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:200
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/215900
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2010/10/12/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0370.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0719
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/42392
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2010-12.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/42877
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0924.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0404
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0076
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/3067
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.debian.org/security/2010/dsa-2127
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/42411
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2010/10/01/10
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/43821
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:26 Nov, 2010 | 19:00
Updated At:11 Apr, 2025 | 00:51

Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Wireshark Foundation
wireshark
>>wireshark>>1.2.0
cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.1
cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.2
cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.3
cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.4
cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.5
cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.6
cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.7
cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.8
cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.9
cpe:2.3:a:wireshark:wireshark:1.2.9:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.10
cpe:2.3:a:wireshark:wireshark:1.2.10:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.2.11
cpe:2.3:a:wireshark:wireshark:1.2.11:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.0
cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.htmlsecalert@redhat.com
N/A
http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_insecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/42392secalert@redhat.com
N/A
http://secunia.com/advisories/42411secalert@redhat.com
N/A
http://secunia.com/advisories/42877secalert@redhat.com
N/A
http://secunia.com/advisories/43068secalert@redhat.com
N/A
http://secunia.com/advisories/43759secalert@redhat.com
N/A
http://secunia.com/advisories/43821secalert@redhat.com
N/A
http://www.debian.org/security/2010/dsa-2127secalert@redhat.com
N/A
http://www.kb.cert.org/vuls/id/215900secalert@redhat.com
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2010:200secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2010/10/01/10secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2010/10/12/1secalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2010-0924.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2011-0370.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/43197secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2010/3067secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2010/3093secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2011/0076secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2011/0212secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2011/0404secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2011/0626secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2011/0719secalert@redhat.com
N/A
http://www.wireshark.org/security/wnpa-sec-2010-12.htmlsecalert@redhat.com
N/A
http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/secalert@redhat.com
Exploit
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607secalert@redhat.com
N/A
http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_inaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/42392af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/42411af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/42877af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/43068af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/43759af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/43821af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2010/dsa-2127af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/215900af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2010:200af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2010/10/01/10af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2010/10/12/1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2010-0924.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-0370.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/43197af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/3067af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/3093af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0076af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0212af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0404af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0626af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0719af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.wireshark.org/security/wnpa-sec-2010-12.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/af854a3a-2127-422b-91ae-364da2661108
Exploit
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/42392
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/42411
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/42877
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/43068
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/43759
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/43821
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2010/dsa-2127
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/215900
Source: secalert@redhat.com
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:200
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2010/10/01/10
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2010/10/12/1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0924.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0370.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/43197
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/3067
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/3093
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0076
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0404
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0626
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0719
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2010-12.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/
Source: secalert@redhat.com
Resource:
Exploit
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/42392
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/42411
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/42877
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/43068
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/43759
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/43821
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2010/dsa-2127
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/215900
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:200
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2010/10/01/10
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2010/10/12/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0924.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0370.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/43197
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/3067
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/3093
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0076
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0404
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0626
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0719
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2010-12.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

295Records found
CVE-2014-6428
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.56% / 67.21%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-6425
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.95% / 75.42%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-6426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.27% / 50.21%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2014-6430
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.87% / 82.34%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-6429
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.87% / 82.34%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-6431
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.96% / 82.73%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-6424
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.46% / 63.25%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-6421
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.47% / 63.54%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2014-6422
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.57% / 67.47%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-5161
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.22% / 44.52%
||
7 Day CHG~0.00%
Published-01 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-5164
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.24% / 46.87%
||
7 Day CHG~0.00%
Published-01 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-26422
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.7||LOW
EPSS-0.31% / 53.30%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 17:15
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationOracle Corporation
Product-wiresharkzfs_storage_appliance_kitWireshark
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2014-5165
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.24% / 46.87%
||
7 Day CHG~0.00%
Published-01 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-5163
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.74% / 72.06%
||
7 Day CHG~0.00%
Published-01 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-25863
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.96%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 14:43
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxOracle CorporationFedora ProjectopenSUSE
Product-zfs_storage_appliance_firmwarezfs_storage_appliancedebian_linuxfedorawiresharkleapn/a
CVE-2020-26420
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-0.43% / 61.54%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 17:20
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationFedora Project
Product-wiresharkfedorazfs_storage_appliance_kitWireshark
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2018-19623
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.18% / 83.69%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 04:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-26418
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-0.34% / 56.03%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 17:27
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationDebian GNU/LinuxFedora Project
Product-wiresharkdebian_linuxzfs_storage_appliance_kitfedoraWireshark
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-9214
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.08% / 89.39%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-19627
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.49% / 95.18%
||
7 Day CHG-1.84%
Published-29 Nov, 2018 | 04:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-19628
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 75.72%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 04:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-369
Divide By Zero
CVE-2013-7113
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.97% / 75.67%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7114
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.98% / 75.86%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-7112
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.07% / 76.84%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4683
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.33% / 86.76%
||
7 Day CHG~0.00%
Published-22 Oct, 2008 | 17:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-399
Not Available
CVE-2008-4682
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.61% / 89.96%
||
7 Day CHG~0.00%
Published-22 Oct, 2008 | 17:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5285
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.42% / 84.50%
||
7 Day CHG~0.00%
Published-01 Dec, 2008 | 15:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-399
Not Available
CVE-2018-14367
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.43%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2018-14369
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.32%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14340
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.64%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2008-4685
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.10% / 77.09%
||
7 Day CHG~0.00%
Published-22 Oct, 2008 | 17:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-399
Not Available
CVE-2008-3932
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.73% / 71.76%
||
7 Day CHG~0.00%
Published-04 Sep, 2008 | 19:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-9208
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.38% / 88.54%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2007-3392
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.93% / 82.63%
||
7 Day CHG~0.00%
Published-26 Jun, 2007 | 00:00
Updated-07 Aug, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2008-3140
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-10 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2008-3138
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.00% / 76.09%
||
7 Day CHG~0.00%
Published-10 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.

Action-Not Available
Vendor-rpathn/aWireshark Foundation
Product-wiresharkrpath_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-3139
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.33% / 79.15%
||
7 Day CHG~0.00%
Published-10 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.

Action-Not Available
Vendor-rpathn/aWireshark Foundation
Product-wiresharkrpath_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-3145
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.42% / 84.50%
||
7 Day CHG~0.00%
Published-16 Jul, 2008 | 18:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25862
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.57%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 14:41
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxOracle CorporationFedora ProjectopenSUSE
Product-zfs_storage_appliance_firmwaredebian_linuxfedorawiresharkleapn/a
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2008-1561
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.10% / 91.79%
||
7 Day CHG~0.00%
Published-31 Mar, 2008 | 22:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2018-11358
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 80.82%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 21:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2020-25866
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 79.97%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 14:42
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

Action-Not Available
Vendor-n/aWireshark FoundationOracle CorporationFedora ProjectopenSUSE
Product-wiresharkfedorazfs_storage_appliance_kitleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2008-1562
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-42.19% / 97.35%
||
7 Day CHG~0.00%
Published-31 Mar, 2008 | 22:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6438
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.42% / 84.50%
||
7 Day CHG~0.00%
Published-19 Dec, 2007 | 22:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-9344
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 77.88%
||
7 Day CHG~0.00%
Published-02 Jun, 2017 | 05:04
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-369
Divide By Zero
CVE-2007-6121
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.42% / 84.50%
||
7 Day CHG~0.00%
Published-23 Nov, 2007 | 20:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.

Action-Not Available
Vendor-ethereal_groupn/aWireshark Foundation
Product-wiresharketherealn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6120
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.42% / 84.50%
||
7 Day CHG~0.00%
Published-23 Nov, 2007 | 20:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

Action-Not Available
Vendor-ethereal_groupn/aWireshark Foundation
Product-wiresharketherealn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6116
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.93% / 85.87%
||
7 Day CHG~0.00%
Published-23 Nov, 2007 | 20:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2017-7746
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.04% / 83.12%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-7747
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.04% / 83.12%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found