Filtered by vendor Wireshark Subscriptions
Total 668 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-26419 3 Fedoraproject, Oracle, Wireshark 3 Fedora, Zfs Storage Appliance Kit, Wireshark 2024-08-04 3.1 Low
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
CVE-2020-25866 4 Fedoraproject, Opensuse, Oracle and 1 more 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
CVE-2020-25863 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
CVE-2020-25862 5 Debian, Fedoraproject, Opensuse and 2 more 5 Debian Linux, Fedora, Leap and 2 more 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
CVE-2020-17498 4 Fedoraproject, Opensuse, Oracle and 1 more 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more 2024-08-04 6.5 Medium
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
CVE-2020-15466 3 Debian, Opensuse, Wireshark 3 Debian Linux, Leap, Wireshark 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
CVE-2020-13164 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
CVE-2020-11647 3 Debian, Opensuse, Wireshark 3 Debian Linux, Leap, Wireshark 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.
CVE-2020-9428 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.
CVE-2020-9430 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
CVE-2020-9431 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
CVE-2020-9429 2 Opensuse, Wireshark 2 Leap, Wireshark 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.
CVE-2020-7044 4 Fedoraproject, Opensuse, Oracle and 1 more 5 Fedora, Leap, Solaris and 2 more 2024-08-04 7.5 High
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
CVE-2020-7045 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-08-04 6.5 Medium
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.
CVE-2021-39929 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2024-08-04 7.5 High
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39923 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-08-04 7.5 High
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39922 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2024-08-04 7.5 High
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39925 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2024-08-04 7.5 High
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39921 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2024-08-04 7.5 High
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
CVE-2021-39924 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2024-08-04 7.5 High
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file