CVSS: 6.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file.

https://gitlab.com/wireshark/wireshark/-/issues/19726
https://gitlab.com/wireshark/wireshark/-/merge_requests/15047
https://gitlab.com/wireshark/wireshark/-/merge_requests/15499
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ
https://www.wireshark.org/security/wnpa-sec-2024-07.html

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file.

https://gitlab.com/wireshark/wireshark/-/issues/19501
https://www.wireshark.org/security/wnpa-sec-2024-02.html

CWE-476: NULL Pointer Dereference

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file.

https://gitlab.com/wireshark/wireshark/-/issues/19496
https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V
https://www.wireshark.org/security/wnpa-sec-2024-01.html

CWE-674: Uncontrolled Recursion

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must open a specially crafted packet capture file. The specific flaw exists within the parsing of packet capture files in the NetScreen format. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

https://gitlab.com/wireshark/wireshark/-/issues/19404
https://www.wireshark.org/security/wnpa-sec-2023-29.html

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file.

https://gitlab.com/wireshark/wireshark/-/issues/19322
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V
https://security.gentoo.org/glsa/202402-09
https://www.wireshark.org/security/wnpa-sec-2023-27.html

CWE-770: Allocation of Resources Without Limits or Throttling
CWE-789: Memory Allocation with Excessive Size Value