
CVE-2024-24478
https://notcve.org/view.php?id=CVE-2024-24478
21 Feb 2024 — An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. • https://gist.github.com/1047524396/e82c55147cd3cb62ef20cbdb0ec83694 • CWE-680: Integer Overflow to Buffer Overflow

CVE-2024-24479
https://notcve.org/view.php?id=CVE-2024-24479
21 Feb 2024 — A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. • https://gist.github.com/1047524396/c50ad17e9a1a18990043a7cd27814c78 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-24476 – SUSE Security Advisory - SUSE-SU-2024:1347-1
https://notcve.org/view.php?id=CVE-2024-24476
21 Feb 2024 — A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. • https://gist.github.com/1047524396/369ba0ccffe255cf8142208b6142be2b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2024-0211 – Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
https://notcve.org/view.php?id=CVE-2024-0211
03 Jan 2024 — DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. This update for wireshark fixes the following issues. • https://gitlab.com/wireshark/wireshark/-/issues/19557 • CWE-674: Uncontrolled Recursion • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2024-0210 – Uncontrolled Recursion in Wireshark
https://notcve.org/view.php?id=CVE-2024-0210
03 Jan 2024 — Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. This update for wireshark fixes the following issues. • https://gitlab.com/wireshark/wireshark/-/issues/19504 • CWE-674: Uncontrolled Recursion

CVE-2024-0209 – NULL Pointer Dereference in Wireshark
https://notcve.org/view.php?id=CVE-2024-0209
03 Jan 2024 — IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. This update for wireshark fixes the following issues. Updated to Wireshark 3.6.20. Fixed a crash in the GVCP dissector. Fixed a crash in the IEEE 1609.2 dissector. • https://gitlab.com/wireshark/wireshark/-/issues/19501 • CWE-476: NULL Pointer Dereference

CVE-2024-0208 – Improper Handling of Missing Values in Wireshark
https://notcve.org/view.php?id=CVE-2024-0208
03 Jan 2024 — GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. This update for wireshark fixes the following issues. Updated to Wireshark 3.6.20. Fixed a crash in the GVCP dissector. Fixed a crash in the IEEE 1609.2 dissector. • https://gitlab.com/wireshark/wireshark/-/issues/19496 • CWE-230: Improper Handling of Missing Values • CWE-674: Uncontrolled Recursion

CVE-2024-0207 – Out-of-bounds Read in Wireshark
https://notcve.org/view.php?id=CVE-2024-0207
03 Jan 2024 — HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. This update for wireshark fixes the following issues. • https://gitlab.com/wireshark/wireshark/-/issues/19502 • CWE-125: Out-of-bounds Read

CVE-2023-6175 – Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
https://notcve.org/view.php?id=CVE-2023-6175
20 Nov 2023 — NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must open a specially craft... • https://gitlab.com/wireshark/wireshark/-/issues/19404 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-6174 – Out-of-bounds Read in Wireshark
https://notcve.org/view.php?id=CVE-2023-6174
16 Nov 2023 — SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file. A vulnerability was discovered in the SSH dissector of Wireshark, a network protocol analyzer, which could result in denial of service or potentially the execution of arbitrary code. • https://gitlab.com/wireshark/wireshark/-/issues/19369 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-125: Out-of-bounds Read