CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5601 – Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
https://notcve.org/view.php?id=CVE-2025-5601
04 Jun 2025 — Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file Los fallos en el manejo de columnas en Wireshark 4.4.0 a 4.4.6 y 4.2.0 a 4.2.12 permiten la denegación de servicio mediante inyección de paquetes o un archivo de captura manipulado. These are all security issues fixed in the libwireshark18-4.4.7-1.1 package on the GA media of openSUSE Tumbleweed. • https://gitlab.com/wireshark/wireshark/-/issues/20509 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1492 – Uncontrolled Recursion in Wireshark
https://notcve.org/view.php?id=CVE-2025-1492
20 Feb 2025 — Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file A flaw was found in Wireshark. Bundle Protocol and CBOR dissector crashes in Wireshark allow denial of service via packet injection or crafted capture file. This update for wireshark fixes the following issues. Uncontrolled recursion leading to a stack buffer overflow can cause Bundle Protocol and CBOR dissector to crash. • https://gitlab.com/wireshark/wireshark/-/issues/20373 • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11596 – Buffer Over-read in Wireshark
https://notcve.org/view.php?id=CVE-2024-11596
21 Nov 2024 — ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file This update for wireshark fixes the following issues. FiveCo RAP dissector infinite loop. ECMP dissector crash. • https://www.wireshark.org/security/wnpa-sec-2024-15.html • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11595 – Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
https://notcve.org/view.php?id=CVE-2024-11595
21 Nov 2024 — FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file This update for wireshark fixes the following issues. FiveCo RAP dissector infinite loop. ECMP dissector crash. • https://www.wireshark.org/security/wnpa-sec-2024-14.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9781 – Improper Handling of Missing Values in Wireshark
https://notcve.org/view.php?id=CVE-2024-9781
10 Oct 2024 — AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file These are all security issues fixed in the libwireshark18-4.4.1-1.1 package on the GA media of openSUSE Tumbleweed. • https://www.wireshark.org/security/wnpa-sec-2024-13.html • CWE-230: Improper Handling of Missing Values •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9780 – Missing Initialization of a Variable in Wireshark
https://notcve.org/view.php?id=CVE-2024-9780
10 Oct 2024 — ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file These are all security issues fixed in the libwireshark18-4.4.1-1.1 package on the GA media of openSUSE Tumbleweed. • https://www.wireshark.org/security/wnpa-sec-2024-12.html • CWE-456: Missing Initialization of a Variable •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8645 – Access of Uninitialized Pointer in Wireshark
https://notcve.org/view.php?id=CVE-2024-8645
10 Sep 2024 — SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file These are all security issues fixed in the libwireshark18-4.4.0-2.1 package on the GA media of openSUSE Tumbleweed. • https://gitlab.com/wireshark/wireshark/-/issues/19559 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8250 – Expired Pointer Dereference in Wireshark
https://notcve.org/view.php?id=CVE-2024-8250
28 Aug 2024 — NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file This update for wireshark fixes the following issues. Upgraded Wireshark to version 3.6.24. Fixed NTLMSSP dissector crash. • https://gitlab.com/wireshark/wireshark/-/issues/19943 • CWE-825: Expired Pointer Dereference •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4855 – Use After Free in editcap
https://notcve.org/view.php?id=CVE-2024-4855
14 May 2024 — Use after free issue in editcap could cause denial of service via crafted capture file Un problema de Use after free en editcap podría causar denegación de servicio a través de un archivo de captura manipulado This update for wireshark fixes the following issues. MONGO and ZigBee TLV dissector infinite loops The editcap command line utility could crash when chopping bytes from the beginning of a packet The editcap command line utility could crash when injecting secrets while writing multiple files. • https://gitlab.com/wireshark/wireshark/-/issues/19782 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4854 – Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
https://notcve.org/view.php?id=CVE-2024-4854
14 May 2024 — MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file Los bucles infinitos de disección TLV de MONGO y ZigBee en Wireshark 4.2.0 a 4.2.4, 4.0.0 a 4.0.14 y 3.6.0 a 3.6.22 permiten la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado • https://gitlab.com/wireshark/wireshark/-/issues/19726 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •