Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-4295

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Aug, 2012 | 10:00
Updated At-06 Aug, 2024 | 20:35
Rejected At-
Credits

Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Aug, 2012 | 10:00
Updated At:06 Aug, 2024 | 20:35
Rejected At:
▼CVE Numbering Authority (CNA)

Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/55035
vdb-entry
x_refsource_BID
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419
x_refsource_CONFIRM
http://secunia.com/advisories/54425
third-party-advisory
x_refsource_SECUNIA
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419
x_refsource_CONFIRM
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/51363
third-party-advisory
x_refsource_SECUNIA
http://www.wireshark.org/security/wnpa-sec-2012-16.html
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718
vdb-entry
signature
x_refsource_OVAL
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563
x_refsource_CONFIRM
http://secunia.com/advisories/50276
third-party-advisory
x_refsource_SECUNIA
https://hermes.opensuse.org/messages/15514562
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/bid/55035
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/54425
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419
Resource:
x_refsource_CONFIRM
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/51363
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2012-16.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/50276
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://hermes.opensuse.org/messages/15514562
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/55035
vdb-entry
x_refsource_BID
x_transferred
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/54425
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419
x_refsource_CONFIRM
x_transferred
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
x_refsource_CONFIRM
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/51363
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.wireshark.org/security/wnpa-sec-2012-16.html
x_refsource_CONFIRM
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/50276
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://hermes.opensuse.org/messages/15514562
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/55035
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/54425
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/51363
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2012-16.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/50276
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://hermes.opensuse.org/messages/15514562
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Aug, 2012 | 10:38
Updated At:29 Apr, 2026 | 01:13

Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.03.3LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Wireshark Foundation
wireshark
>>wireshark>>1.8.0
cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
Wireshark Foundation
wireshark
>>wireshark>>1.8.1
cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>sunos>>5.11
cpe:2.3:o:sun:sunos:5.11:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419cve@mitre.org
Exploit
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419cve@mitre.org
N/A
http://secunia.com/advisories/50276cve@mitre.org
N/A
http://secunia.com/advisories/51363cve@mitre.org
N/A
http://secunia.com/advisories/54425cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/55035cve@mitre.org
N/A
http://www.wireshark.org/security/wnpa-sec-2012-16.htmlcve@mitre.org
Vendor Advisory
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3cve@mitre.org
N/A
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563cve@mitre.org
N/A
https://hermes.opensuse.org/messages/15514562cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718cve@mitre.org
N/A
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/50276af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/51363af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/54425af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/55035af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.wireshark.org/security/wnpa-sec-2012-16.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563af854a3a-2127-422b-91ae-364da2661108
N/A
https://hermes.opensuse.org/messages/15514562af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419
Source: cve@mitre.org
Resource:
Exploit
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/50276
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/51363
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/54425
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/55035
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2012-16.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://hermes.opensuse.org/messages/15514562
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/50276
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/51363
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/54425
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/55035
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.wireshark.org/security/wnpa-sec-2012-16.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://hermes.opensuse.org/messages/15514562
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

265Records found

CVE-2013-2488
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.83% / 84.88%
||
7 Day CHG~0.00%
Published-07 Mar, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.

Action-Not Available
Vendor-n/aWireshark FoundationopenSUSEDebian GNU/Linux
Product-debian_linuxwiresharkopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1585
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.86% / 54.17%
||
7 Day CHG~0.00%
Published-03 Feb, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1580
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.73% / 49.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1575
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.9||LOW
EPSS-0.73% / 49.69%
||
7 Day CHG~0.00%
Published-03 Feb, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-6059
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.68% / 83.98%
||
7 Day CHG~0.00%
Published-05 Dec, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0041
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.03% / 78.68%
||
7 Day CHG~0.00%
Published-11 Apr, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.

Action-Not Available
Vendor-n/aWireshark FoundationRed Hat, Inc.
Product-wiresharkenterprise_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0066
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-3.20% / 86.56%
||
7 Day CHG~0.00%
Published-11 Apr, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.

Action-Not Available
Vendor-n/aWireshark FoundationRed Hat, Inc.
Product-wiresharkenterprise_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0067
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-6.60% / 93.03%
||
7 Day CHG~0.00%
Published-11 Apr, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.

Action-Not Available
Vendor-n/aWireshark FoundationRed Hat, Inc.
Product-wiresharkenterprise_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3484
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.66% / 73.72%
||
7 Day CHG~0.00%
Published-20 Sep, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2430
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.27% / 92.72%
||
7 Day CHG~0.00%
Published-22 Sep, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsunoswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2428
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.25% / 91.53%
||
7 Day CHG~0.00%
Published-22 Sep, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsunoswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5717
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.44% / 69.90%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 23:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1455
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.70% / 74.48%
||
7 Day CHG~0.00%
Published-11 May, 2010 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.

Action-Not Available
Vendor-ethereal_groupn/aWireshark Foundation
Product-etherealwiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-2715
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-1.11% / 61.83%
||
7 Day CHG~0.00%
Published-07 Aug, 2009 | 18:33
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-virtualboxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-3549
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.60% / 83.45%
||
7 Day CHG~0.00%
Published-30 Oct, 2009 | 20:05
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.

Action-Not Available
Vendor-n/aWireshark FoundationSun Microsystems (Oracle Corporation)
Product-wiresharksparcn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0609
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.54% / 83.07%
||
7 Day CHG~0.00%
Published-17 Feb, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_directory_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-1268
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.70% / 74.48%
||
7 Day CHG~0.00%
Published-13 Apr, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-1357
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-7.18% / 93.53%
||
7 Day CHG~0.00%
Published-23 Apr, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_delegated_administratorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0868
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.87% / 76.77%
||
7 Day CHG~0.00%
Published-10 Mar, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Action-Not Available
Vendor-n/aFujitsu LimitedMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-solariswindowsjasmine2000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4910
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-10.34% / 95.15%
||
7 Day CHG~0.00%
Published-04 Nov, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_web_startn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4681
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.70% / 74.48%
||
7 Day CHG~0.00%
Published-22 Oct, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3838
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.35% / 27.05%
||
7 Day CHG~0.00%
Published-27 Aug, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-opensolarissolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3111
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.27% / 89.88%
||
7 Day CHG~0.00%
Published-09 Jul, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2008-2945
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.80% / 84.71%
||
7 Day CHG~0.00%
Published-30 Jun, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_access_managerjava_system_identity_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-2405
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.19% / 86.55%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_active_server_pagesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-2401
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.46% / 82.52%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_active_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0718
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.33% / 25.02%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6121
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.02% / 78.58%
||
7 Day CHG~0.00%
Published-23 Nov, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.

Action-Not Available
Vendor-ethereal_groupn/aWireshark Foundation
Product-etherealwiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5462
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.24% / 80.66%
||
7 Day CHG~0.00%
Published-15 Oct, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5375
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-1.44% / 70.01%
||
7 Day CHG~0.00%
Published-11 Oct, 2007 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_virtual_machinen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-3715
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.29% / 81.08%
||
7 Day CHG~0.00%
Published-11 Jul, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_web_serverjava_system_application_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-3716
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.55% / 87.91%
||
7 Day CHG~0.00%
Published-11 Jul, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9259
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.32% / 81.35%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9256
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.34% / 81.53%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-0012
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.88% / 76.94%
||
7 Day CHG~0.00%
Published-09 Jan, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9262
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.34% / 81.53%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9258
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.98% / 78.05%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9260
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.57% / 83.25%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-4842
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.6||LOW
EPSS-7.68% / 93.86%
||
7 Day CHG~0.00%
Published-12 Oct, 2006 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Netscape (Yahoo Inc.)
Product-portable_runtime_apisolarisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4420
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.39% / 68.92%
||
7 Day CHG~0.00%
Published-01 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8723
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.92% / 91.07%
||
7 Day CHG~0.00%
Published-04 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2018-11354
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.83% / 84.91%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 21:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14369
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.35% / 87.22%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14339
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.52% / 87.79%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14438
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.43%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 00:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-11357
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.88% / 85.15%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 21:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-9354
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.81% / 84.79%
||
7 Day CHG~0.00%
Published-02 Jun, 2017 | 05:04
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7747
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.47% / 82.55%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6473
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.67% / 83.90%
||
7 Day CHG~0.00%
Published-04 Mar, 2017 | 03:38
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-13767
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.99% / 78.27%
||
7 Day CHG~0.00%
Published-30 Aug, 2017 | 09:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found