Summary
| Detail | |||
|---|---|---|---|
| Vendor | Wireshark | First view | 2006-07-21 |
| Product | Wireshark | Last view | 2025-02-20 |
| Version | 0.99.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:wireshark:wireshark | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2025-02-20 | CVE-2025-1492 | Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file |
| 5.5 | 2024-11-21 | CVE-2024-11596 | ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file |
| 5.5 | 2024-11-21 | CVE-2024-11595 | FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file |
| 7.5 | 2024-10-10 | CVE-2024-9781 | AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file |
| 5.5 | 2024-09-10 | CVE-2024-8645 | SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file |
| 5.5 | 2024-08-29 | CVE-2024-8250 | NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file |
| 7.5 | 2024-05-14 | CVE-2024-4854 | MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file |
| 7.8 | 2024-03-26 | CVE-2023-6175 | NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file |
| 0 | 2024-02-21 | CVE-2024-24479 | A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. |
| 0 | 2024-02-21 | CVE-2024-24478 | An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. |
| 0 | 2024-02-21 | CVE-2024-24476 | A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. |
| 7.5 | 2024-01-03 | CVE-2024-0209 | IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file |
| 7.5 | 2024-01-03 | CVE-2024-0208 | GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file |
| 6.5 | 2023-11-16 | CVE-2023-6174 | SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file |
| 6.5 | 2023-10-04 | CVE-2023-5371 | RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file |
| 6.5 | 2023-08-25 | CVE-2023-2906 | Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. |
| 7.5 | 2023-08-24 | CVE-2023-4513 | BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file |
| 7.5 | 2023-08-24 | CVE-2023-4512 | CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file |
| 7.5 | 2023-08-24 | CVE-2023-4511 | BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file |
| 5.5 | 2023-07-14 | CVE-2023-3649 | iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file |
| 5.5 | 2023-07-14 | CVE-2023-3648 | Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file |
| 6.5 | 2023-06-07 | CVE-2023-0668 | Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. |
| 6.5 | 2023-06-07 | CVE-2023-0667 | Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark |
| 6.5 | 2023-06-07 | CVE-2023-0666 | Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. |
| 6.5 | 2023-05-30 | CVE-2023-2952 | XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 15% (27) | CWE-20 | Improper Input Validation |
| 11% (20) | CWE-476 | NULL Pointer Dereference |
| 11% (19) | CWE-125 | Out-of-bounds Read |
| 8% (15) | CWE-787 | Out-of-bounds Write |
| 7% (13) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 6% (11) | CWE-772 | Missing Release of Resource after Effective Lifetime |
| 3% (6) | CWE-674 | Uncontrolled Recursion |
| 3% (6) | CWE-404 | Improper Resource Shutdown or Release |
| 3% (6) | CWE-399 | Resource Management Errors |
| 2% (5) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 2% (5) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 2% (4) | CWE-193 | Off-by-one Error |
| 2% (4) | CWE-134 | Uncontrolled Format String |
| 2% (4) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 1% (3) | CWE-416 | Use After Free |
| 1% (3) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 1% (3) | CWE-369 | Divide By Zero |
| 1% (2) | CWE-682 | Incorrect Calculation |
| 1% (2) | CWE-665 | Improper Initialization |
| 1% (2) | CWE-617 | Reachable Assertion |
| 1% (2) | CWE-190 | Integer Overflow or Wraparound |
| 1% (2) | CWE-189 | Numeric Errors |
| 1% (2) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 0% (1) | CWE-763 | Release of Invalid Pointer or Reference |
| 0% (1) | CWE-415 | Double Free |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-13 | Subverting Environment Variable Values |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-28 | Fuzzing |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-42 | MIME Conversion |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-52 | Embedding NULL Bytes |
| CAPEC-53 | Postfix, Null Terminate, and Backslash |
| CAPEC-63 | Simple Script Injection |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-66 | SQL Injection |
| CAPEC-67 | String Format Overflow in syslog() |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 73403 | Wireshark wiretap/pcapng.c Crafted Capture File Overflow DoS |
| 71548 | Wireshark NTLMSSP Dissector PCAP File Handling DoS |
| 67504 | Wireshark Path Subversion Arbitrary DLL Injection Code Execution |
| 65375 | Wireshark SigComp Universal Decompressor Virtual Machine Overflow |
| 65374 | Wireshark SigComp Universal Decompressor Virtual Machine Infinite Loop DoS |
| 65373 | Wireshark SMB PIPE Dissector NULL Dereference DoS |
| 65372 | Wireshark ASN.1 BER Dissector Overflow |
| 64363 | Wireshark DOCSIS Dissector Remote DoS |
| 61178 | Wireshark SMB / SMB2 Dissector Remote DoS |
| 59478 | Wireshark wiretap/erf.c Unsigned Integer Wrap ERF File Handling Overflow |
| 56017 | Wireshark AFS Dissector Unspecified DoS |
| 54629 | Wireshark PCNFSD Dissector Packet Handling DoS |
| 53903 | Wireshark Unspecified Issue |
| 53670 | Wireshark CPHAP Dissector Crafted FWHA_MY_STATE Packet Handling DoS |
| 53669 | Wireshark Crafted RF5 File Handling DoS |
| 52996 | Wireshark PN-DCP Dissector Station Name Handling Format String |
| 50069 | Wireshark SMTP Dissector Packet Handling Infinite Loop DoS |
| 49345 | Wireshark Q.931 Dissector packet-q931.c dissect_q931_cause_ie Function Use-af... |
| 47933 | Wireshark zlib-compressed Packet Data Uncompression DoS |
| 47932 | Wireshark NCP Dissector Unspecified Infinite Loop DoS |
| 47931 | Wireshark NCP Dissector Multiple Unspecified Overflows |
| 46927 | Wireshark reassemble.c Packet Reassembly Unspecified Remote DoS |
| 42577 | Wireshark TFTP Dissector Malformed Packet Handling Remote DoS |
| 42576 | Wireshark SNMP Dissector Malformed Packet Handling Remote DoS |
| 42575 | Wireshark SCTP Dissector Malformed Packet Handling Remote DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-07-30 | Name : CentOS Update for wireshark CESA-2011:0370 centos5 x86_64 File : nvt/gb_CESA-2011_0370_wireshark_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for wireshark CESA-2012:0509 centos6 File : nvt/gb_CESA-2012_0509_wireshark_centos6.nasl |
| 2012-07-09 | Name : RedHat Update for wireshark RHSA-2012:0509-01 File : nvt/gb_RHSA-2012_0509-01_wireshark.nasl |
| 2012-06-27 | Name : Wireshark Denial of Service Vulnerability-02 March 11 (Mac OS X) File : nvt/gb_wireshark_dos_vuln02_mar11_macosx.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-02 (wireshark) File : nvt/glsa_201110_02.nasl |
| 2011-08-09 | Name : CentOS Update for wireshark CESA-2009:0313 centos3 i386 File : nvt/gb_CESA-2009_0313_wireshark_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for wireshark CESA-2009:0313 centos4 i386 File : nvt/gb_CESA-2009_0313_wireshark_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for wireshark CESA-2009:1100 centos3 i386 File : nvt/gb_CESA-2009_1100_wireshark_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for wireshark CESA-2009:1100 centos5 i386 File : nvt/gb_CESA-2009_1100_wireshark_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for wireshark CESA-2010:0360 centos5 i386 File : nvt/gb_CESA-2010_0360_wireshark_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for wireshark CESA-2011:0370 centos5 i386 File : nvt/gb_CESA-2011_0370_wireshark_centos5_i386.nasl |
| 2011-06-20 | Name : Fedora Update for wireshark FEDORA-2011-7858 File : nvt/gb_fedora_2011_7858_wireshark_fc13.nasl |
| 2011-05-05 | Name : Fedora Update for wireshark FEDORA-2011-5529 File : nvt/gb_fedora_2011_5529_wireshark_fc13.nasl |
| 2011-03-25 | Name : CentOS Update for wireshark CESA-2011:0370 centos4 i386 File : nvt/gb_CESA-2011_0370_wireshark_centos4_i386.nasl |
| 2011-03-24 | Name : RedHat Update for wireshark RHSA-2011:0370-01 File : nvt/gb_RHSA-2011_0370-01_wireshark.nasl |
| 2011-03-15 | Name : Fedora Update for wireshark FEDORA-2011-2620 File : nvt/gb_fedora_2011_2620_wireshark_fc13.nasl |
| 2011-03-15 | Name : Fedora Update for wireshark FEDORA-2011-2632 File : nvt/gb_fedora_2011_2632_wireshark_fc14.nasl |
| 2011-03-09 | Name : Wireshark Denial of Service Vulnerability March-11 (Windows) File : nvt/gb_wireshark_dos_vuln_mar11_win02.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-05 (wireshark) File : nvt/glsa_201006_05.nasl |
| 2011-02-04 | Name : Fedora Update for wireshark FEDORA-2011-0460 File : nvt/gb_fedora_2011_0460_wireshark_fc13.nasl |
| 2011-01-14 | Name : Fedora Update for wireshark FEDORA-2011-0167 File : nvt/gb_fedora_2011_0167_wireshark_fc13.nasl |
| 2010-09-07 | Name : Fedora Update for wireshark FEDORA-2010-13416 File : nvt/gb_fedora_2010_13416_wireshark_fc13.nasl |
| 2010-09-07 | Name : Fedora Update for wireshark FEDORA-2010-13427 File : nvt/gb_fedora_2010_13427_wireshark_fc12.nasl |
| 2010-09-01 | Name : Wireshark File Opening Insecure Library Loading Vulnerability (Windows) File : nvt/secpod_wireshark_insecure_lib_load_vuln_win.nasl |
| 2010-08-30 | Name : CentOS Update for wireshark CESA-2010:0625 centos4 i386 File : nvt/gb_CESA-2010_0625_wireshark_centos4_i386.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-11-30 | Wireshark Sigcomp buffer overflow attempt RuleID : 44676 - Type : SERVER-OTHER - Revision : 2 |
| 2017-09-06 | Wireshark PROFINET DCP request format string exploit attempt RuleID : 43845 - Type : FILE-OTHER - Revision : 2 |
| 2017-09-06 | Wireshark PROFINET DCP request format string exploit attempt RuleID : 43844 - Type : FILE-OTHER - Revision : 2 |
| 2017-09-06 | Wireshark PROFINET DCP request format string exploit attempt RuleID : 43843 - Type : FILE-OTHER - Revision : 2 |
| 2017-09-06 | Wireshark PROFINET DCP response format string exploit attempt RuleID : 43842 - Type : FILE-OTHER - Revision : 2 |
| 2017-09-06 | Wireshark PROFINET DCP request format string exploit attempt RuleID : 43841 - Type : FILE-OTHER - Revision : 2 |
| 2017-09-06 | Wireshark PROFINET DCP response format string exploit attempt RuleID : 43840 - Type : FILE-OTHER - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-16 | Name: The remote Debian host is missing a security update. File: debian_DLA-1634.nasl - Type: ACT_GATHER_INFO |
| 2019-01-11 | Name: An application installed on the remote MacOS / MacOSX host is affected by mul... File: macosx_wireshark_2_4_12.nasl - Type: ACT_GATHER_INFO |
| 2019-01-11 | Name: An application installed on the remote MacOS / MacOSX host is affected by mul... File: macosx_wireshark_2_6_6.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-1b6cb1df72.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-3dfee621af.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-89413a04e0.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-b7a58187ba.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-bfdad62cd6.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-cb410a3812.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-d56c428f9e.nasl - Type: ACT_GATHER_INFO |
| 2018-12-28 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4359.nasl - Type: ACT_GATHER_INFO |
| 2018-12-05 | Name: An application installed on the remote MacOS / MacOSX host is affected by mul... File: macosx_wireshark_2_4_11.nasl - Type: ACT_GATHER_INFO |
| 2018-12-05 | Name: An application installed on the remote MacOS / MacOSX host is affected by mul... File: macosx_wireshark_2_6_5.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL34035645.nasl - Type: ACT_GATHER_INFO |
| 2018-10-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4315.nasl - Type: ACT_GATHER_INFO |
| 2018-08-02 | Name: The remote Fedora host is missing a security update. File: fedora_2018-9ef52861b5.nasl - Type: ACT_GATHER_INFO |
| 2018-07-30 | Name: The remote Debian host is missing a security update. File: debian_DLA-1451.nasl - Type: ACT_GATHER_INFO |
| 2018-06-06 | Name: The remote Fedora host is missing a security update. File: fedora_2018-d1cfa444d2.nasl - Type: ACT_GATHER_INFO |
| 2018-06-05 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4217.nasl - Type: ACT_GATHER_INFO |
| 2018-05-31 | Name: An application installed on the remote MacOS / MacOSX host is affected by mul... File: macosx_wireshark_2_6_1.nasl - Type: ACT_GATHER_INFO |
| 2018-05-29 | Name: The remote Debian host is missing a security update. File: debian_DLA-1388.nasl - Type: ACT_GATHER_INFO |
| 2018-04-19 | Name: The remote Debian host is missing a security update. File: debian_DLA-1353.nasl - Type: ACT_GATHER_INFO |
| 2018-04-06 | Name: An application installed on the remote MacOS / MacOSX host is affected by mul... File: macos_wireshark_2_4_6.nasl - Type: ACT_GATHER_INFO |
| 2018-03-28 | Name: The remote Fedora host is missing a security update. File: fedora_2018-cdf3f8e8b0.nasl - Type: ACT_GATHER_INFO |
| 2018-03-05 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_c5ab620f45764ad5b51f93e4fec9cd0e.nasl - Type: ACT_GATHER_INFO |
