Wireshark

Wireshark

685 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2017-13765

  • EPSS 1.18%
  • Veröffentlicht 30.08.2017 09:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.

7.5

CVE-2017-13766

  • EPSS 0.45%
  • Veröffentlicht 30.08.2017 09:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.

7.8

CVE-2017-13767

  • EPSS 0.33%
  • Veröffentlicht 30.08.2017 09:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.

7.8

CVE-2017-11406

  • EPSS 0.81%
  • Veröffentlicht 18.07.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.

7.5

CVE-2017-11407

  • EPSS 1.19%
  • Veröffentlicht 18.07.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.

7.5

CVE-2017-11408

  • EPSS 0.6%
  • Veröffentlicht 18.07.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.

7.8

CVE-2017-11409

  • EPSS 1.19%
  • Veröffentlicht 18.07.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.

7.8

CVE-2017-11410

  • EPSS 0.26%
  • Veröffentlicht 18.07.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relat...

7.8

CVE-2017-11411

  • EPSS 0.48%
  • Veröffentlicht 18.07.2017 21:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an i...

7.5

CVE-2017-9766

  • EPSS 0.89%
  • Veröffentlicht 21.06.2017 07:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.