CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6175 – Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
https://notcve.org/view.php?id=CVE-2023-6175
20 Nov 2023 — NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file La falla del analizador de archivos NetScreen en Wireshark 4.0.0 a 4.0.10 y 3.6.0 a 3.6.18 permite la denegación de servicio a través de un archivo de captura manipulado. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must open a specially craft... • https://gitlab.com/wireshark/wireshark/-/issues/19404 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6174 – Out-of-bounds Read in Wireshark
https://notcve.org/view.php?id=CVE-2023-6174
16 Nov 2023 — SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file La falla del disector SSH en Wireshark 4.0.0 a 4.0.10 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado A vulnerability was discovered in the SSH dissector of Wireshark, a network protocol analyzer, which could result in denial of service or potentially the execution of arbitrary code. • https://gitlab.com/wireshark/wireshark/-/issues/19369 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-5371 – Memory Allocation with Excessive Size Value in Wireshark
https://notcve.org/view.php?id=CVE-2023-5371
04 Oct 2023 — RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file La pérdida de memoria del disector RTPS en Wireshark 4.0.0 a 4.0.8 y 3.6.0 a 3.6.16 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado. Multiple out-of-bounds read vulnerabilities have been discovered in Wireshark. Versions greater than or equal to 4.0.11 are affected. • https://gitlab.com/wireshark/wireshark/-/issues/19322 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-2906 – Wireshark CP2179 divide by zero
https://notcve.org/view.php?id=CVE-2023-2906
25 Aug 2023 — Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. Debido a un error al validar la longitud proporcionada por un paquete CP2179 creado por un atacante, las versiones de Wireshark 2.0.0 a 4.0.7 son susceptibles a una división por cero, lo que permite un ataque de denegación de servicio. • https://gitlab.com/wireshark/wireshark/-/issues/19229 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-4513 – Missing Release of Memory after Effective Lifetime in Wireshark
https://notcve.org/view.php?id=CVE-2023-4513
24 Aug 2023 — BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file La pérdida de memoria del disector BT SDP en Wireshark 4.0.0 a 4.0.7 y 3.6.0 a 3.6.15 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado • https://gitlab.com/wireshark/wireshark/-/issues/19259 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4512 – Uncontrolled Recursion in Wireshark
https://notcve.org/view.php?id=CVE-2023-4512
24 Aug 2023 — CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file La falla del disector CBOR en Wireshark 4.0.0 a 4.0.6 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado • https://gitlab.com/wireshark/wireshark/-/issues/19144 • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4511 – Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
https://notcve.org/view.php?id=CVE-2023-4511
24 Aug 2023 — BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file El bucle infinito del disector BT SDP en Wireshark 4.0.0 a 4.0.7 y 3.6.0 a 3.6.15 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado • https://gitlab.com/wireshark/wireshark/-/issues/19258 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3649 – Buffer Over-read in Wireshark
https://notcve.org/view.php?id=CVE-2023-3649
14 Jul 2023 — iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file This update for wireshark fixes the following issues. • https://gitlab.com/wireshark/wireshark/-/issues/19164 • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3648 – Mismatched Memory Management Routines in Wireshark
https://notcve.org/view.php?id=CVE-2023-3648
14 Jul 2023 — Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file This update for wireshark fixes the following issues. • https://gitlab.com/wireshark/wireshark/-/issues/19105 • CWE-762: Mismatched Memory Management Routines •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-0667 – Wireshark MSMMS parsing buffer overflow
https://notcve.org/view.php?id=CVE-2023-0667
07 Jun 2023 — Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark Debido a un fallo en la validación de la longitud proporcionada por un atacante en un paquete manipulado MSMMS, Wireshark v4.0.5 y anteriores, en una configuración inusual, es susceptible a un desbordamiento de búfer de pila, y posiblemen... • https://gitlab.com/wireshark/wireshark/-/issues/19086 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •