Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-4292

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Aug, 2012 | 10:00
Updated At-06 Aug, 2024 | 20:35
Rejected At-
Credits

The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Aug, 2012 | 10:00
Updated At:06 Aug, 2024 | 20:35
Rejected At:
ā–¼CVE Numbering Authority (CNA)

The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/55035
vdb-entry
x_refsource_BID
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569
x_refsource_CONFIRM
http://secunia.com/advisories/54425
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158
vdb-entry
signature
x_refsource_OVAL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
x_refsource_CONFIRM
http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380
x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/51363
third-party-advisory
x_refsource_SECUNIA
http://www.wireshark.org/security/wnpa-sec-2012-21.html
x_refsource_CONFIRM
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366
x_refsource_CONFIRM
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366
x_refsource_CONFIRM
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/50276
third-party-advisory
x_refsource_SECUNIA
https://hermes.opensuse.org/messages/15514562
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/bid/55035
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/54425
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
Resource:
x_refsource_CONFIRM
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/51363
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2012-21.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366
Resource:
x_refsource_CONFIRM
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366
Resource:
x_refsource_CONFIRM
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/50276
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://hermes.opensuse.org/messages/15514562
Resource:
vendor-advisory
x_refsource_SUSE
ā–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/55035
vdb-entry
x_refsource_BID
x_transferred
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/54425
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
x_refsource_CONFIRM
x_transferred
http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380
x_refsource_CONFIRM
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/51363
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.wireshark.org/security/wnpa-sec-2012-21.html
x_refsource_CONFIRM
x_transferred
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366
x_refsource_CONFIRM
x_transferred
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366
x_refsource_CONFIRM
x_transferred
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/50276
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://hermes.opensuse.org/messages/15514562
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/55035
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/54425
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/51363
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2012-21.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/50276
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://hermes.opensuse.org/messages/15514562
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Aug, 2012 | 10:38
Updated At:29 Apr, 2026 | 01:13

The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.03.3LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Wireshark Foundation
wireshark
>>wireshark>>1.6.0
cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.6.1
cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.6.2
cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.6.3
cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.6.4
cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.6.5
cpe:2.3:a:wireshark:wireshark:1.6.5:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.6.6
cpe:2.3:a:wireshark:wireshark:1.6.6:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.6.7
cpe:2.3:a:wireshark:wireshark:1.6.7:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.6.8
cpe:2.3:a:wireshark:wireshark:1.6.8:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.6.9
cpe:2.3:a:wireshark:wireshark:1.6.9:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
openSUSE
opensuse
>>opensuse>>12.1
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>sunos>>5.11
cpe:2.3:o:sun:sunos:5.11:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.8.0
cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.8.1
cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.0
cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.1
cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.2
cpe:2.3:a:wireshark:wireshark:1.4.2:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.3
cpe:2.3:a:wireshark:wireshark:1.4.3:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.4
cpe:2.3:a:wireshark:wireshark:1.4.4:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.5
cpe:2.3:a:wireshark:wireshark:1.4.5:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.6
cpe:2.3:a:wireshark:wireshark:1.4.6:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.7
cpe:2.3:a:wireshark:wireshark:1.4.7:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.8
cpe:2.3:a:wireshark:wireshark:1.4.8:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.9
cpe:2.3:a:wireshark:wireshark:1.4.9:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.10
cpe:2.3:a:wireshark:wireshark:1.4.10:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.11
cpe:2.3:a:wireshark:wireshark:1.4.11:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.12
cpe:2.3:a:wireshark:wireshark:1.4.12:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.13
cpe:2.3:a:wireshark:wireshark:1.4.13:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.4.14
cpe:2.3:a:wireshark:wireshark:1.4.14:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366cve@mitre.org
Patch
http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380cve@mitre.org
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366cve@mitre.org
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380cve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.htmlcve@mitre.org
N/A
http://secunia.com/advisories/50276cve@mitre.org
N/A
http://secunia.com/advisories/51363cve@mitre.org
N/A
http://secunia.com/advisories/54425cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/55035cve@mitre.org
N/A
http://www.wireshark.org/security/wnpa-sec-2012-21.htmlcve@mitre.org
Vendor Advisory
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3cve@mitre.org
N/A
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569cve@mitre.org
Exploit
https://hermes.opensuse.org/messages/15514562cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158cve@mitre.org
N/A
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366af854a3a-2127-422b-91ae-364da2661108
Patch
http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380af854a3a-2127-422b-91ae-364da2661108
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366af854a3a-2127-422b-91ae-364da2661108
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/50276af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/51363af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/54425af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/55035af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.wireshark.org/security/wnpa-sec-2012-21.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569af854a3a-2127-422b-91ae-364da2661108
Exploit
https://hermes.opensuse.org/messages/15514562af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/50276
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/51363
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/54425
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/55035
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2012-21.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://hermes.opensuse.org/messages/15514562
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/50276
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/51363
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/54425
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/55035
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2012-21.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://hermes.opensuse.org/messages/15514562
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

449Records found

CVE-2012-4295
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.47% / 70.56%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.

Action-Not Available
Vendor-n/aWireshark FoundationSun Microsystems (Oracle Corporation)
Product-wiresharksunosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3934
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.62% / 45.49%
||
7 Day CHG~0.00%
Published-04 Sep, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3933
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.62% / 45.49%
||
7 Day CHG~0.00%
Published-04 Sep, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2483
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.08% / 61.03%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CVE-2012-5237
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.89% / 54.84%
||
7 Day CHG~0.00%
Published-04 Oct, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2012-5238
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.91% / 55.62%
||
7 Day CHG~0.00%
Published-04 Oct, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2012-3826
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-3.44% / 87.53%
||
7 Day CHG~0.00%
Published-30 Jun, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2012-4048
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.39% / 68.93%
||
7 Day CHG~0.00%
Published-24 Jul, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-4290
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.19% / 64.28%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSESun Microsystems (Oracle Corporation)Red Hat, Inc.
Product-opensusewiresharksunosenterprise_linuxn/a
CVE-2012-4293
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.19% / 64.06%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSESun Microsystems (Oracle Corporation)
Product-wiresharksunosopensusen/a
CVE-2012-4288
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.94% / 77.69%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSESun Microsystems (Oracle Corporation)
Product-wiresharksunosopensusen/a
CVE-2012-4289
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.29% / 66.76%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSESun Microsystems (Oracle Corporation)Red Hat, Inc.
Product-opensusewiresharksunosenterprise_linuxn/a
CVE-2012-4285
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-2.08% / 79.26%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSESun Microsystems (Oracle Corporation)Red Hat, Inc.
Product-opensusewiresharksunosenterprise_linuxn/a
CVE-2012-4296
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-2.13% / 79.67%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSESun Microsystems (Oracle Corporation)
Product-wiresharksunosopensusen/a
CVE-2012-2394
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-3.98% / 89.22%
||
7 Day CHG~0.00%
Published-30 Jun, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2393
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-3.77% / 88.62%
||
7 Day CHG~0.00%
Published-30 Jun, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2392
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-3.47% / 87.62%
||
7 Day CHG~0.00%
Published-30 Jun, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2012-1594
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-1.58% / 72.57%
||
7 Day CHG~0.00%
Published-11 Apr, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-1593
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-11.29% / 95.44%
||
7 Day CHG~0.00%
Published-11 Apr, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2010-2286
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.12% / 62.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2010 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2010-2283
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.12% / 62.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2010 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2007-6441
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-1.00% / 58.57%
||
7 Day CHG~0.00%
Published-19 Dec, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2013-2480
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.05% / 60.17%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CVE-2013-2484
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.05% / 60.17%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CVE-2012-3825
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-3.35% / 87.21%
||
7 Day CHG~0.00%
Published-30 Jun, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2013-2478
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.08% / 61.03%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CVE-2013-2479
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.05% / 60.17%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSE
Product-wiresharkopensusen/a
CVE-2013-2477
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.99% / 58.30%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSE
Product-wiresharkopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2475
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.14% / 62.70%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSE
Product-wiresharkopensusen/a
CVE-2012-4291
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.19% / 64.28%
||
7 Day CHG~0.00%
Published-16 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSESun Microsystems (Oracle Corporation)Red Hat, Inc.
Product-opensusewiresharksunosenterprise_linuxn/a
CVE-2010-2285
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-1.13% / 62.43%
||
7 Day CHG~0.00%
Published-15 Jun, 2010 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CVE-2020-7045
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 70.32%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 03:07
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-2281
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.96% / 85.55%
||
7 Day CHG+0.02%
Published-11 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0207
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-16.85% / 96.67%
||
7 Day CHG~0.00%
Published-09 Jul, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

Action-Not Available
Vendor-christos_zoulasn/aopenSUSEOracle CorporationThe PHP GroupDebian GNU/Linux
Product-debian_linuxphpfilelinuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0480
Matching Score-6
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-6
Assigner-Debian GNU/Linux
CVSS Score-5.8||MEDIUM
EPSS-2.28% / 80.98%
||
7 Day CHG~0.00%
Published-26 Aug, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.

Action-Not Available
Vendor-n/aDjangoopenSUSE
Product-djangoopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7112
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.31% / 81.25%
||
7 Day CHG~0.00%
Published-19 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6339
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.99% / 78.20%
||
7 Day CHG~0.00%
Published-04 Nov, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0128
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-32.63% / 98.13%
||
7 Day CHG~0.00%
Published-14 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6340
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.67% / 74.00%
||
7 Day CHG~0.00%
Published-04 Nov, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6336
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.93% / 77.59%
||
7 Day CHG~0.00%
Published-04 Nov, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0038
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.9||MEDIUM
EPSS-34.65% / 98.22%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSE
Product-linux_kernelopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5717
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.88% / 76.98%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5721
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.68% / 74.18%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4932
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.27% / 86.89%
||
7 Day CHG~0.00%
Published-29 Jul, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4111
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.99% / 58.09%
||
7 Day CHG~0.00%
Published-28 Aug, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-n/aOpenStackopenSUSE
Product-python_glanceclientopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4123
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-80.45% / 99.57%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4587
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-0.53% / 40.87%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSE
Product-linux_kernelopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4078
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.40% / 87.39%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4083
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.28% / 86.92%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3556
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.82% / 84.86%
||
7 Day CHG~0.00%
Published-25 May, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found