Wireshark Foundation Wireshark vulnerabilities

83 known vulnerabilities affecting wireshark_foundation/wireshark.

Total CVEs: 83
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 41, MEDIUM 41

Vulnerabilities

Page 2 of 5
CVE-2024-8250 | MEDIUM | CVSS 5.5 | ≥ 4.2.0, < 4.2.7 | ≥ 4.0.0, < 4.0.17 | 2024-08-29
CWE-825: NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2024-4854 | HIGH | CVSS 7.5 | ≥ 4.2.0, < 4.2.5 | ≥ 4.0.0, < 4.0.15 | +1 more | 2024-05-14
CWE-835: MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2024-2955 | HIGH | CVSS 7.5 | ≥ 4.2.0, < 4.2.4 | ≥ 4.0.0, < 4.0.14 | 2024-03-26
CWE-762: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2023-6175 | HIGH | CVSS 7.8 | ≥ 4.0.0, < 4.0.11 | ≥ 3.6.0, < 3.6.19 | 2024-03-26
CWE-120: NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
Sources: cvelistv5, nvd

CVE-2024-0211 | HIGH | CVSS 7.5 | ≥ 4.2.0, < 4.2.1 | 2024-01-03
CWE-835: DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2024-0210 | HIGH | CVSS 7.5 | ≥ 4.2.0, < 4.2.1 | 2024-01-03
CWE-674: Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2024-0208 | HIGH | CVSS 7.5 | ≥ 4.2.0, < 4.2.1 | ≥ 4.0.0, < 4.0.12 | +1 more | 2024-01-03
CWE-230: GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2024-0207 | HIGH | CVSS 7.5 | ≥ 4.2.0, < 4.2.1 | 2024-01-03
CWE-125: HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2024-0209 | HIGH | CVSS 7.5 | ≥ 4.2.0, < 4.2.1 | ≥ 4.0.0, < 4.0.12 | +1 more | 2024-01-03
CWE-476: IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2023-6174 | MEDIUM | CVSS 6.5 | ≥ 4.0.0, < 4.0.11 | 2023-11-16
CWE-125: SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2023-5371 | MEDIUM | CVSS 6.5 | ≥ 4.0.0, < 4.0.9 | ≥ 3.6.0, < 3.6.17 | 2023-10-04
CWE-789: RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2023-2906 | MEDIUM | CVSS 6.5 | ≥ 2.0.0, ≤ 4.0.7 | 2023-08-25
CWE-369: Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 are susceptible to a divide by zero allowing for a denial of service attack.
Sources: cvelistv5, nvd

CVE-2023-4511 | HIGH | CVSS 7.5 | ≥ 4.0.0, < 4.0.8 | ≥ 3.6.0, < 3.6.16 | 2023-08-24
CWE-835: BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2023-4513 | HIGH | CVSS 7.5 | ≥ 4.0.0, < 4.0.8 | ≥ 3.6.0, < 3.6.16 | 2023-08-24
CWE-401: BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2023-4512 | HIGH | CVSS 7.5 | ≥ 4.0.0, < 4.0.8 | 2023-08-24
CWE-674: CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2023-3649 | MEDIUM | CVSS 5.5 | ≥ 4.0.0, < 4.0.7 | 2023-07-14
CWE-126: iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2023-3648 | MEDIUM | CVSS 5.5 | ≥ 4.0.0, < 4.0.7 | ≥ 3.6.0, < 3.6.15 | 2023-07-14
CWE-762: Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file
Sources: cvelistv5, nvd

CVE-2023-0667 | MEDIUM | CVSS 6.5 | ≤ 4.0.5 | 2023-06-07
CWE-122: Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark
Sources: cvelistv5, nvd

CVE-2023-0668 | MEDIUM | CVSS 6.5 | ≥ 4.0.0, ≤ 4.0.5 | ≥ 3.6.0, ≤ 3.6.13 | 2023-06-07
CWE-125: Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Sources: cvelistv5, nvd

CVE-2023-0666 | MEDIUM | CVSS 6.5 | ≥ 4.0.0, ≤ 4.0.5 | 2023-06-07
CWE-122: Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Sources: cvelistv5, nvd