This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Wireshark
Product: Wireshark
Version: 1.10.10
Type: Application
First view: 2014-11-22
Last view: 2020-08-13
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:wireshark:wireshark

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
6.5 2020-08-13 CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.

7.5 2020-07-05 CVE-2020-15466

In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.

7.5 2020-05-19 CVE-2020-13164

In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.

7.5 2020-04-10 CVE-2020-11647

In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.

7.5 2020-02-27 CVE-2020-9431

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.

7.5 2020-02-27 CVE-2020-9430

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.

7.5 2020-02-27 CVE-2020-9429

In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.

7.5 2020-02-27 CVE-2020-9428

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

6.5 2020-01-16 CVE-2020-7045

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.

7.5 2020-01-16 CVE-2020-7044

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.

7.5 2019-12-05 CVE-2019-19553

In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.

7.5 2019-09-15 CVE-2019-16319

In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

7.5 2019-07-17 CVE-2019-13619

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.

7.5 2019-05-23 CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

7.5 2019-04-09 CVE-2019-10903

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

7.5 2019-04-09 CVE-2019-10901

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

7.5 2019-04-09 CVE-2019-10899

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

7.5 2019-04-09 CVE-2019-10896

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.

7.5 2019-04-09 CVE-2019-10895

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.

7.5 2019-04-09 CVE-2019-10894

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

7.5 2019-02-27 CVE-2019-9214

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.

7.5 2019-02-27 CVE-2019-9209

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.

7.5 2019-02-27 CVE-2019-9208

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.

5.5 2019-01-08 CVE-2019-5721

In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.

5.5 2019-01-08 CVE-2019-5719

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
21% (23) CWE-20 Improper Input Validation
11% (12) CWE-476 NULL Pointer Dereference
11% (12) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (11) CWE-772 Missing Release of Resource after Effective Lifetime
10% (11) CWE-125 Out-of-bounds Read
3% (4) CWE-189 Numeric Errors
3% (4) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
2% (3) CWE-787 Out-of-bounds Write
2% (3) CWE-399 Resource Management Errors
1% (2) CWE-665 Improper Initialization
1% (2) CWE-416 Use After Free
1% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (2) CWE-369 Divide By Zero
1% (2) CWE-190 Integer Overflow or Wraparound
1% (2) CWE-19 Data Handling
0% (1) CWE-770 Allocation of Resources Without Limits or Throttling
0% (1) CWE-763 Release of Invalid Pointer or Reference
0% (1) CWE-682 Incorrect Calculation
0% (1) CWE-617 Reachable Assertion
0% (1) CWE-415 Double Free
0% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
0% (1) CWE-252 Unchecked Return Value
0% (1) CWE-193 Off-by-one Error
0% (1) CWE-134 Uncontrolled Format String
0% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1634.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: An application installed on the remote MacOS / MacOSX host is affected by mul...
File: macosx_wireshark_2_4_12.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: An application installed on the remote MacOS / MacOSX host is affected by mul...
File: macosx_wireshark_2_6_6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1b6cb1df72.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-3dfee621af.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-89413a04e0.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-b7a58187ba.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bfdad62cd6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-cb410a3812.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d56c428f9e.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4359.nasl - Type: ACT_GATHER_INFO
2018-12-05 Name: An application installed on the remote MacOS / MacOSX host is affected by mul...
File: macosx_wireshark_2_4_11.nasl - Type: ACT_GATHER_INFO
2018-12-05 Name: An application installed on the remote MacOS / MacOSX host is affected by mul...
File: macosx_wireshark_2_6_5.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL34035645.nasl - Type: ACT_GATHER_INFO
2018-10-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4315.nasl - Type: ACT_GATHER_INFO
2018-08-02 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9ef52861b5.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1451.nasl - Type: ACT_GATHER_INFO
2018-06-06 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d1cfa444d2.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4217.nasl - Type: ACT_GATHER_INFO
2018-05-31 Name: An application installed on the remote MacOS / MacOSX host is affected by mul...
File: macosx_wireshark_2_6_1.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1388.nasl - Type: ACT_GATHER_INFO
2018-04-19 Name: The remote Debian host is missing a security update.
File: debian_DLA-1353.nasl - Type: ACT_GATHER_INFO
2018-04-06 Name: An application installed on the remote MacOS / MacOSX host is affected by mul...
File: macos_wireshark_2_4_6.nasl - Type: ACT_GATHER_INFO
2018-03-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-cdf3f8e8b0.nasl - Type: ACT_GATHER_INFO
2018-03-05 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_c5ab620f45764ad5b51f93e4fec9cd0e.nasl - Type: ACT_GATHER_INFO