All the vulnerabilities related to Wireshark Foundation - Wireshark
cve-2023-2854
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 06:33
Summary
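BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. The record below classifies the weakness as a buffer over-read, and its CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, base score 5.3) rates confidentiality and integrity impact as low rather than none, so the scored impact is not limited to availability.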
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.826Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-17.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19084" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2854.json" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.6" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.14" } ] } ], "credits": [ { "lang": "en", "value": "Huascar Tejeda" } ], "descriptions": [ { "lang": "en", "value": "BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer over-read in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-17T06:06:20.020893", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-17.html" }, { 
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19084" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2854.json" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-2854", "datePublished": "2023-05-26T00:00:00", "dateReserved": "2023-05-24T00:00:00", "dateUpdated": "2024-08-02T06:33:05.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0585
Vulnerability from cvelistv5
Published
2022-02-18 00:00
Modified
2024-08-02 23:32
Summary
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2022-02.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0585.json" }, { "name": "FEDORA-2022-5a3603afe0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/" }, { "name": "FEDORA-2022-e29665a42b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.2" }, { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.12" } ] } ], "credits": [ { "lang": "en", "value": "Sharon Brizinov" } ], "descriptions": [ { "lang": "en", "value": "Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", 
"scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Excessive iteration in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2022-02.html" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0585.json" }, { "name": "FEDORA-2022-5a3603afe0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/" }, { "name": "FEDORA-2022-e29665a42b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-0585", "datePublished": "2022-02-18T00:00:00", "dateReserved": "2022-02-14T00:00:00", "dateUpdated": "2024-08-02T23:32:46.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0667
Vulnerability from cvelistv5
Published
2023-06-07 02:38
Modified
2024-08-02 05:17
Summary
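Wireshark MSMMS parsing buffer overflow. Per the record's description, Wireshark 4.0.5 and prior does not validate the length supplied in an attacker-crafted MSMMS packet and, in an unusual configuration, is susceptible to a heap-based buffer overflow (CWE-122) and possibly code execution in the context of the process running Wireshark; the record lists 4.0.6 and 3.6.14 as unaffected.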
References
URL | Tags |
---|---|
https://takeonme.org/cves/CVE-2023-0667.html | third-party-advisory |
https://gitlab.com/wireshark/wireshark/-/issues/19086 | issue-tracking |
https://security.gentoo.org/glsa/202309-02 | |
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://takeonme.org/cves/CVE-2023-0667.html" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19086" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThanOrEqual": "4.0.5", "status": "affected", "version": "0", "versionType": "semver" }, { "status": "unaffected", "version": "4.0.6" }, { "lessThanOrEqual": "3.6.13", "status": "affected", "version": "0", "versionType": "semver" }, { "status": "unaffected", "version": "3.6.14" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "zenofex" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "WanderingGlitch" }, { "lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Austin Hackers Anonymous!" 
} ], "datePublic": "2023-05-22T19:04:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark" } ], "value": "Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark" } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-07T02:42:55.762Z", "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://takeonme.org/cves/CVE-2023-0667.html" }, { "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19086" }, { "url": "https://security.gentoo.org/glsa/202309-02" } ], "source": { "discovery": "EXTERNAL" }, "title": "Wireshark MSMMS parsing buffer overflow", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "assignerShortName": "AHA", "cveId": "CVE-2023-0667", "datePublished": "2023-06-07T02:38:07.798Z", "dateReserved": "2023-02-03T22:08:34.816Z", "dateUpdated": "2024-08-02T05:17:50.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39924
Vulnerability from cvelistv5
Published
2021-11-19 00:00
Modified
2024-08-04 02:20
Summary
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:20:34.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-10.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17677" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39924.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" }, { "status": "affected", "version": "\u003e=3.2.0, \u003c3.2.18" } ] } ], "descriptions": [ { "lang": "en", "value": "Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Excessive iteration in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-10.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17677" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39924.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-39924", "datePublished": "2021-11-19T00:00:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2024-08-04T02:20:34.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5371
Vulnerability from cvelistv5
Published
2023-10-04 16:01
Modified
2024-08-29 15:04
Summary
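Memory Allocation with Excessive Size Value in Wireshark. Per the record's description, an RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file; the record's stated solution is to upgrade to version 4.0.9, 3.6.17 or above.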
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:59:43.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-27.html" }, { "name": "GitLab Issue #19322", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19322" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-09" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.0.9", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "lessThan": "3.6.17", "status": "affected", "version": "3.6.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789: Memory Allocation with Excessive Size Value", 
"lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:51.442Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-27.html" }, { "name": "GitLab Issue #19322", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19322" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 4.0.9, 3.6.17 or above." } ], "title": "Memory Allocation with Excessive Size Value in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-5371", "datePublished": "2023-10-04T16:01:48.187Z", "dateReserved": "2023-10-04T03:01:36.569Z", "dateUpdated": "2024-08-29T15:04:51.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2952
Vulnerability from cvelistv5
Published
2023-05-30 00:00
Modified
2024-08-02 06:41
Summary
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:03.811Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-20.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19100" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2952.json" }, { "name": "[debian-lts-announce] 20230603 [SECURITY] [DLA 3443-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.6" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.14" } ] } ], "descriptions": [ { "lang": "en", "value": "XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], 
"providerMetadata": { "dateUpdated": "2023-09-17T06:06:16.682771", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-20.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/19100" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2952.json" }, { "name": "[debian-lts-announce] 20230603 [SECURITY] [DLA 3443-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-2952", "datePublished": "2023-05-30T00:00:00", "dateReserved": "2023-05-29T00:00:00", "dateUpdated": "2024-08-02T06:41:03.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3724
Vulnerability from cvelistv5
Published
2022-12-09 00:00
Modified
2024-08-03 01:20
Summary
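Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows. Note that the record's structured affected-version field below reads ">=3.6.0, <3.6.8", which excludes 3.6.8 and so disagrees with this description; confirm the fixed release against the vendor advisory (wnpa-sec-2022-08) before relying on either range.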
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2022-08.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18384" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3724.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.8" } ] } ], "credits": [ { "lang": "en", "value": "TODO" } ], "descriptions": [ { "lang": "en", "value": "Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Use of externally-controlled format string in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-09T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2022-08.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18384" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3724.json" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": 
"CVE-2022-3724", "datePublished": "2022-12-09T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-08-03T01:20:57.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1161
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2024-08-02 05:40
Summary
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:40:58.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-08.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18839" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1161.json" }, { "name": "[debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.4" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.12" } ] } ], "descriptions": [ { "lang": "en", "value": "ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Wireshark", "lang": 
"en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-17T06:06:31.687700", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-08.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18839" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1161.json" }, { "name": "[debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-1161", "datePublished": "2023-03-06T00:00:00", "dateReserved": "2023-03-03T00:00:00", "dateUpdated": "2024-08-02T05:40:58.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39920
Vulnerability from cvelistv5
Published
2021-11-18 00:00
Modified
2024-08-04 02:20
Summary
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:20:34.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-15.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17705" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39920.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" } ] } ], "credits": [ { "lang": "en", "value": "TODO" } ], "descriptions": [ { "lang": "en", "value": "NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Null pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-15.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17705" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39920.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-39920", "datePublished": "2021-11-18T00:00:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2024-08-04T02:20:34.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4512
Vulnerability from cvelistv5
Published
2023-08-24 06:30
Modified
2024-08-30 15:20
Summary
Uncontrolled Recursion in Wireshark
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:31:06.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-23.html" }, { "name": "GitLab Issue #19144", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19144" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-4512", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-30T15:20:06.939046Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-30T15:20:16.651Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.0.8", "status": "affected", "version": "4.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Simone Di Maria" } ], "descriptions": [ { "lang": "en", "value": "CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", 
"availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-674", "description": "CWE-674: Uncontrolled Recursion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:49.684Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-23.html" }, { "name": "GitLab Issue #19144", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19144" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 4.0.8 or above." } ], "title": "Uncontrolled Recursion in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-4512", "datePublished": "2023-08-24T06:30:45.722Z", "dateReserved": "2023-08-24T06:30:30.744Z", "dateUpdated": "2024-08-30T15:20:16.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4854
Vulnerability from cvelistv5
Published
2024-05-14 00:03
Modified
2024-08-29 15:04
Summary
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-4854", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T14:25:52.767657Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T14:25:59.472Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:55:10.081Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2024-07.html" }, { "name": "GitLab Issue #19726", "tags": [ "issue-tracking", "permissions-required", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19726" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/15047" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/15499" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.5", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThan": "4.0.15", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "lessThan": "3.6.23", "status": "affected", "version": "3.6.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "MONGO and ZigBee TLV dissector 
infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:58.774Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-07.html" }, { "name": "GitLab Issue #19726", "tags": [ "issue-tracking", "permissions-required" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19726" }, { "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/15047" }, { "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/15499" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.5 or above." } ], "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-4854", "datePublished": "2024-05-14T00:03:12.486Z", "dateReserved": "2024-05-14T00:02:57.493Z", "dateUpdated": "2024-08-29T15:04:58.774Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0586
Vulnerability from cvelistv5
Published
2022-02-14 00:00
Modified
2024-08-02 23:32
Summary
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2022-01.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17813" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0586.json" }, { "name": "FEDORA-2022-5a3603afe0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/" }, { "name": "FEDORA-2022-e29665a42b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.2" }, { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.12" } ] } ], "credits": [ { "lang": "en", "value": "Sharon Brizinov" } ], "descriptions": [ { "lang": "en", "value": "Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2022-01.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17813" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0586.json" }, { "name": "FEDORA-2022-5a3603afe0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/" }, { "name": "FEDORA-2022-e29665a42b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-0586", "datePublished": "2022-02-14T00:00:00", "dateReserved": "2022-02-14T00:00:00", "dateUpdated": "2024-08-02T23:32:46.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4185
Vulnerability from cvelistv5
Published
2021-12-30 00:00
Modified
2024-08-03 17:16
Summary
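Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. (The record's affected-versions field below gives the 3.4 range as >=3.4.0, <3.4.10, which leaves out 3.4.10; confirm the fixed release against the vendor advisory before relying on either range.)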
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-17.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17745" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4185.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "=3.6.0" }, { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": 
"HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-17.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17745" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4185.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-4185", "datePublished": "2021-12-30T00:00:00", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-03T17:16:04.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39928
Vulnerability from cvelistv5
Published
2021-11-18 00:00
Modified
2024-08-04 02:20
Summary
NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:20:34.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-13.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17704" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39928.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" }, { "status": "affected", "version": "\u003e=3.2.0, \u003c3.2.18" } ] } ], "descriptions": [ { "lang": "en", "value": "NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Null pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-13.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17704" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39928.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-39928", "datePublished": "2021-11-18T00:00:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2024-08-04T02:20:34.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0415
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Summary
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-05.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18796" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0415.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Null pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-05.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18796" }, { "url": 
"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0415.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0415", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:55.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2879
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 06:41
Summary
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:02.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-14.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19068" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2879.json" }, { "name": "[debian-lts-announce] 20230603 [SECURITY] [DLA 3443-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.6" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.14" } ] } ], "descriptions": [ { "lang": "en", "value": "GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], 
"providerMetadata": { "dateUpdated": "2023-09-17T06:06:33.344581", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-14.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/19068" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2879.json" }, { "name": "[debian-lts-announce] 20230603 [SECURITY] [DLA 3443-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-2879", "datePublished": "2023-05-26T00:00:00", "dateReserved": "2023-05-25T00:00:00", "dateUpdated": "2024-08-02T06:41:02.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0413
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Summary
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18766" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Null pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18766" }, { "url": 
"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0413", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:55.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0582
Vulnerability from cvelistv5
Published
2022-02-14 00:00
Modified
2024-08-02 23:32
Summary
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2022-04.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17882" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0582.json" }, { "name": "FEDORA-2022-5a3603afe0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/" }, { "name": "FEDORA-2022-e29665a42b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.2" }, { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.12" } ] } ], "credits": [ { "lang": "en", "value": "Sharon Brizinov" } ], "descriptions": [ { "lang": "en", "value": "Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": 
"MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Improper input validation in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2022-04.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17882" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0582.json" }, { "name": "FEDORA-2022-5a3603afe0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/" }, { "name": "FEDORA-2022-e29665a42b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-0582", "datePublished": "2022-02-14T00:00:00", "dateReserved": "2022-02-14T00:00:00", "dateUpdated": "2024-08-02T23:32:46.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-9781
Vulnerability from cvelistv5
Published
2024-10-10 06:30
Modified
2024-10-10 14:37
Summary
Improper Handling of Missing Values in Wireshark
References
▼ | URL | Tags |
---|---|---|
https://www.wireshark.org/security/wnpa-sec-2024-13.html | ||
https://gitlab.com/wireshark/wireshark/-/issues/20114 | issue-tracking, permissions-required |
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "wireshark", "vendor": "wireshark", "versions": [ { "lessThan": "4.4.1", "status": "affected", "version": "4.4.0", "versionType": "semver" }, { "lessThan": "4.2.8", "status": "affected", "version": "4.2.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-9781", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T14:36:27.444352Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T14:37:33.798Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.4.1", "status": "affected", "version": "4.4.0", "versionType": "semver" }, { "lessThan": "4.2.8", "status": "affected", "version": "4.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-230", "description": "CWE-230: Improper Handling of Missing Values", "lang": "en", "type": "CWE" } ] } ], 
"providerMetadata": { "dateUpdated": "2024-10-10T06:30:54.729Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-13.html" }, { "name": "GitLab Issue #20114", "tags": [ "issue-tracking", "permissions-required" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20114" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 4.4.1, 4.2.8 or above." } ], "title": "Improper Handling of Missing Values in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-9781", "datePublished": "2024-10-10T06:30:54.729Z", "dateReserved": "2024-10-10T06:30:44.702Z", "dateUpdated": "2024-10-10T14:37:33.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0412
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Summary
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.753Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-07.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18770" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Uncontrolled recursion in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-07.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18770" }, { "url": 
"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0412", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:55.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0416
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Summary
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-04.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18779" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0416.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Expired pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-04.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18779" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0416.json" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0416", 
"datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:55.762Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4511
Vulnerability from cvelistv5
Published
2023-08-24 06:30
Modified
2024-08-29 15:04
Summary
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:31:06.064Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-24.html" }, { "name": "GitLab Issue #19258", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19258" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.0.8", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "lessThan": "3.6.16", "status": "affected", "version": "3.6.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Chenyuan Mi" } ], "descriptions": [ { "lang": "en", "value": "BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:49.609Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-24.html" }, { "name": "GitLab Issue #19258", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19258" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 4.0.8, 3.6.16 or above." } ], "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-4511", "datePublished": "2023-08-24T06:30:40.729Z", "dateReserved": "2023-08-24T06:30:25.841Z", "dateUpdated": "2024-08-29T15:04:49.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11595
Vulnerability from cvelistv5
Published
2024-11-21 09:30
Modified
2024-11-21 09:30
Summary
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
References
▼ | URL | Tags |
---|---|---|
https://www.wireshark.org/security/wnpa-sec-2024-14.html | ||
https://gitlab.com/wireshark/wireshark/-/issues/20176 | issue-tracking, permissions-required |
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.4.2", "status": "affected", "version": "4.4.0", "versionType": "semver" }, { "lessThan": "4.2.9", "status": "affected", "version": "4.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T09:30:54.899Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-14.html" }, { "name": "GitLab Issue #20176", "tags": [ "issue-tracking", "permissions-required" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20176" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 4.4.2, 4.2.9 or above." 
} ], "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-11595", "datePublished": "2024-11-21T09:30:54.899Z", "dateReserved": "2024-11-21T09:30:45.415Z", "dateUpdated": "2024-11-21T09:30:54.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4182
Vulnerability from cvelistv5
Published
2021-12-30 00:00
Modified
2024-08-03 17:16
Summary
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-20.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17801" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4182.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "=3.6.0" }, { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" } ] } ], "credits": [ { "lang": "en", "value": "????? ????????" 
} ], "descriptions": [ { "lang": "en", "value": "Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-20.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17801" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4182.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-4182", "datePublished": "2021-12-30T00:00:00", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-03T17:16:04.242Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39929
Vulnerability from cvelistv5
Published
2021-11-19 00:00
Modified
2024-08-04 02:20
Summary
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:20:34.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-07.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17651" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39929.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" }, { "status": "affected", "version": "\u003e=3.2.0, \u003c3.2.18" } ] } ], "credits": [ { "lang": "en", "value": "The OSS-Fuzz project" } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file" } ], 
"metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Uncontrolled recursion in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-07.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17651" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39929.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-39929", "datePublished": "2021-11-19T00:00:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2024-08-04T02:20:34.245Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0666
Vulnerability from cvelistv5
Published
2023-06-07 02:25
Modified
2024-08-02 05:17
Summary
Wireshark RTPS Parsing Buffer Overflow
References
▼ | URL | Tags |
---|---|---|
https://takeonme.org/cves/CVE-2023-0666.html | third-party-advisory | |
https://gitlab.com/wireshark/wireshark/-/issues/19085 | issue-tracking | |
https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html | release-notes | |
https://www.wireshark.org/security/wnpa-sec-2023-18.html | vendor-advisory | |
https://www.debian.org/security/2023/dsa-5429 | ||
https://security.gentoo.org/glsa/202309-02 |
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://takeonme.org/cves/CVE-2023-0666.html" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19085" }, { "tags": [ "release-notes", "x_transferred" ], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-18.html" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThanOrEqual": "4.0.5", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "status": "unaffected", "version": "4.0.6" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Austin Hackers Anonymous!" }, { "lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Austin Hackers Anonymous!" } ], "datePublic": "2023-05-22T19:04:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark." 
} ], "value": "Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-07T02:42:41.249Z", "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://takeonme.org/cves/CVE-2023-0666.html" }, { "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19085" }, { "tags": [ "release-notes" ], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html" }, { "tags": [ "vendor-advisory" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-18.html" }, { "url": "https://www.debian.org/security/2023/dsa-5429" }, { "url": "https://security.gentoo.org/glsa/202309-02" } ], "source": { "discovery": "EXTERNAL" }, "title": "Wireshark RTPS Parsing Buffer Overflow", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "assignerShortName": "AHA", "cveId": "CVE-2023-0666", "datePublished": "2023-06-07T02:25:27.974Z", "dateReserved": "2023-02-03T22:06:14.542Z", "dateUpdated": "2024-08-02T05:17:50.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11596
Vulnerability from cvelistv5
Published
2024-11-21 09:30
Modified
2024-11-21 09:30
Summary
Buffer Over-read in Wireshark
References
▼ | URL | Tags |
---|---|---|
https://www.wireshark.org/security/wnpa-sec-2024-15.html | ||
https://gitlab.com/wireshark/wireshark/-/issues/20214 | issue-tracking, permissions-required |
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.4.2", "status": "affected", "version": "4.4.0", "versionType": "semver" }, { "lessThan": "4.2.9", "status": "affected", "version": "4.2.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Ivan Nardi" } ], "descriptions": [ { "lang": "en", "value": "ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T09:30:59.843Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-15.html" }, { "name": "GitLab Issue #20214", "tags": [ "issue-tracking", "permissions-required" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20214" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 4.4.2, 4.2.9 or above." 
} ], "title": "Buffer Over-read in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-11596", "datePublished": "2024-11-21T09:30:59.843Z", "dateReserved": "2024-11-21T09:30:49.862Z", "dateUpdated": "2024-11-21T09:30:59.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2857
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 06:33
Summary
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-13.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19063" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2857.json" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.6" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.14" } ] } ], "credits": [ { "lang": "en", "value": "Huascar Tejeda" } ], "descriptions": [ { "lang": "en", "value": "BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer over-read in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-17T06:06:26.730710", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-13.html" }, { 
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19063" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2857.json" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-2857", "datePublished": "2023-05-26T00:00:00", "dateReserved": "2023-05-24T00:00:00", "dateUpdated": "2024-08-02T06:33:05.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6174
Vulnerability from cvelistv5
Published
2023-11-16 11:30
Modified
2024-08-29 15:04
Summary
Out-of-bounds Read in Wireshark
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-28.html" }, { "name": "GitLab Issue #19369", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19369" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5559" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-09" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.0.11", "status": "affected", "version": "4.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], 
"providerMetadata": { "dateUpdated": "2024-08-29T15:04:52.369Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-28.html" }, { "name": "GitLab Issue #19369", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19369" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 4.0.11 or above." } ], "title": "Out-of-bounds Read in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-6174", "datePublished": "2023-11-16T11:30:40.728Z", "dateReserved": "2023-11-16T11:30:35.861Z", "dateUpdated": "2024-08-29T15:04:52.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0207
Vulnerability from cvelistv5
Published
2024-01-03 07:31
Modified
2024-08-29 15:04
Summary
Out-of-bounds Read in Wireshark
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:15.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2024-03.html" }, { "name": "GitLab Issue #19502", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19502" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.1", "status": "affected", "version": "4.2.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Dexter Gerig" } ], "descriptions": [ { "lang": "en", "value": "HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:53.867Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-03.html" }, { "name": "GitLab Issue #19502", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19502" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.0 or above." 
} ], "title": "Out-of-bounds Read in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-0207", "datePublished": "2024-01-03T07:31:10.632Z", "dateReserved": "2024-01-03T07:30:45.767Z", "dateUpdated": "2024-08-29T15:04:53.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4183
Vulnerability from cvelistv5
Published
2021-12-30 00:00
Modified
2024-08-03 17:16
Summary
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-19.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17755" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4183.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "=3.6.0" } ] } ], "credits": [ { "lang": "en", "value": "Shaohua Li" } ], "descriptions": [ { "lang": "en", "value": "Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { 
"description": "Buffer over-read in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-19.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17755" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4183.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-4183", "datePublished": "2021-12-30T00:00:00", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-03T17:16:04.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4190
Vulnerability from cvelistv5
Published
2021-12-30 00:00
Modified
2024-08-03 17:16
Summary
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-22.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17811" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4190.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "=3.6.0" } ] } ], "credits": [ { "lang": "en", "value": "Sharon Brizinov" } ], "descriptions": [ { "lang": "en", "value": "Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Excessive iteration in Wireshark", "lang": "en", "type": 
"text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-22.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17811" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4190.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-4190", "datePublished": "2021-12-30T00:00:00", "dateReserved": "2021-12-29T00:00:00", "dateUpdated": "2024-08-03T17:16:04.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4344
Vulnerability from cvelistv5
Published
2023-01-11 00:00
Modified
2024-08-03 01:34
Summary
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:50.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2022-10.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4344.json" }, { "name": "FEDORA-2023-9ddb9b9757", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ/" }, { "name": "FEDORA-2023-f9e2ad8b73", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.2" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.10" } ] } ], "credits": [ { "lang": "en", "value": "Sharon Brizinov" } ], "descriptions": [ { "lang": "en", "value": "Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Uncontrolled memory allocation in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-11T00:00:00", "orgId": 
"ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2022-10.html" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4344.json" }, { "name": "FEDORA-2023-9ddb9b9757", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ/" }, { "name": "FEDORA-2023-f9e2ad8b73", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3/" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-4344", "datePublished": "2023-01-11T00:00:00", "dateReserved": "2022-12-07T00:00:00", "dateUpdated": "2024-08-03T01:34:50.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39922
Vulnerability from cvelistv5
Published
2021-11-19 00:00
Modified
2024-08-04 02:20
Summary
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:20:34.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-12.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17636" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39922.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" }, { "status": "affected", "version": "\u003e=3.2.0, \u003c3.2.18" } ] } ], "credits": [ { "lang": "en", "value": "Doneing" } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-12.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17636" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39922.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-39922", "datePublished": "2021-11-19T00:00:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": 
"2024-08-04T02:20:34.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4181
Vulnerability from cvelistv5
Published
2021-12-30 00:00
Modified
2024-08-03 17:16
Summary
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-21.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/5429" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4181.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "=3.6.0" }, { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" } ] } ], "credits": [ { "lang": "en", "value": "Leonardo Grasso, Jason Dellaluce, and Federico Di Pierro" } ], "descriptions": [ { "lang": "en", "value": "Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer over-read in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-21.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/5429" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4181.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-4181", "datePublished": "2021-12-30T00:00:00", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-03T17:16:04.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4345
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-03 01:34
Summary
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allow denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:50.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2022-09.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4345.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" }, { "name": "FEDORA-2023-9ddb9b9757", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ/" }, { "name": "FEDORA-2023-f9e2ad8b73", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.2" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.10" } ] } ], "credits": [ { "lang": "en", "value": "Sharon Brizinov" } ], "descriptions": [ { "lang": "en", "value": "Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-11T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2022-09.html" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4345.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" }, { "name": "FEDORA-2023-9ddb9b9757", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ/" }, { "name": "FEDORA-2023-f9e2ad8b73", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3/" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-4345", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2022-12-07T00:00:00", "dateUpdated": "2024-08-03T01:34:50.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0411
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Severity: 6.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, from the CNA metrics in the record below)
EPSS score ?
Summary
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-06.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18711" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18720" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18737" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Excessive iteration in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T00:00:00", "orgId": 
"ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-06.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18711" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18720" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18737" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0411", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:55.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1993
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 06:05
Severity: 6.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, from the CNA metrics in the record below)
EPSS score ?
Summary
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:27.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-10.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18900" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1993.json" }, { "name": "FEDORA-2023-f70fbf64cb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT/" }, { "name": "FEDORA-2023-203eff67e0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFJERBHVWYLYWXO2B3V47QH66IEB6EZ3/" }, { "name": "FEDORA-2023-7af3ad9ffe", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2/" }, { "name": "[debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.5" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.13" } ] } ], "descriptions": [ { "lang": "en", "value": "LISP dissector large loop 
in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Excessive iteration in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-17T06:06:11.185492", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-10.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18900" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1993.json" }, { "name": "FEDORA-2023-f70fbf64cb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT/" }, { "name": "FEDORA-2023-203eff67e0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFJERBHVWYLYWXO2B3V47QH66IEB6EZ3/" }, { "name": "FEDORA-2023-7af3ad9ffe", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2/" }, { "name": "[debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": 
[ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-1993", "datePublished": "2023-04-12T00:00:00", "dateReserved": "2023-04-11T00:00:00", "dateUpdated": "2024-08-02T06:05:27.108Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0414
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Severity: 6.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, from the CNA metrics in the record below)
EPSS score ?
Summary
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-01.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18622" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Expired pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-01.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18622" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0414", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", 
"dateUpdated": "2024-08-02T05:10:56.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39923
Vulnerability from cvelistv5
Published
2021-11-19 16:31
Modified
2024-08-04 02:20
Severity: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, from the CNA metrics in the record below)
EPSS score ?
Summary
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
References
▼ | URL | Tags |
---|---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39923.json | x_refsource_CONFIRM | |
https://www.wireshark.org/security/wnpa-sec-2021-11.html | x_refsource_MISC | |
https://gitlab.com/wireshark/wireshark/-/issues/17684 | x_refsource_MISC | |
https://www.debian.org/security/2021/dsa-5019 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html | mailing-list, x_refsource_MLIST |
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:20:34.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39923.json" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-11.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17684" }, { "name": "DSA-5019", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.2.0, \u003c3.2.18" }, { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Excessive iteration in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-26T21:06:23", 
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39923.json" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-11.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17684" }, { "name": "DSA-5019", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@gitlab.com", "ID": "CVE-2021-39923", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Wireshark", "version": { "version_data": [ { "version_value": "\u003e=3.2.0, \u003c3.2.18" }, { "version_value": "\u003e=3.4.0, \u003c3.4.10" } ] } } ] }, "vendor_name": "Wireshark Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Excessive iteration in Wireshark" } ] } ] }, "references": { 
"reference_data": [ { "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39923.json", "refsource": "CONFIRM", "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39923.json" }, { "name": "https://www.wireshark.org/security/wnpa-sec-2021-11.html", "refsource": "MISC", "url": "https://www.wireshark.org/security/wnpa-sec-2021-11.html" }, { "name": "https://gitlab.com/wireshark/wireshark/-/issues/17684", "refsource": "MISC", "url": "https://gitlab.com/wireshark/wireshark/-/issues/17684" }, { "name": "DSA-5019", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-39923", "datePublished": "2021-11-19T16:31:03", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2024-08-04T02:20:34.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1994
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 06:05
Severity: 6.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, from the CNA metrics in the record below)
EPSS score ?
Summary
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:27.185Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-11.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18947" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1994.json" }, { "name": "FEDORA-2023-f70fbf64cb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT/" }, { "name": "FEDORA-2023-203eff67e0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFJERBHVWYLYWXO2B3V47QH66IEB6EZ3/" }, { "name": "FEDORA-2023-7af3ad9ffe", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2/" }, { "name": "[debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.5" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.13" } ] } ], "descriptions": [ { "lang": "en", "value": "GQUIC dissector crash in 
Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Null pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-17T06:06:30.017563", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-11.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18947" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1994.json" }, { "name": "FEDORA-2023-f70fbf64cb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT/" }, { "name": "FEDORA-2023-203eff67e0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFJERBHVWYLYWXO2B3V47QH66IEB6EZ3/" }, { "name": "FEDORA-2023-7af3ad9ffe", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2/" }, { "name": "[debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", 
"tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-1994", "datePublished": "2023-04-12T00:00:00", "dateReserved": "2023-04-11T00:00:00", "dateUpdated": "2024-08-02T06:05:27.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3648
Vulnerability from cvelistv5
Published
2023-07-14 06:16
Modified
2024-10-23 14:23
Severity: 5.3 MEDIUM (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, from the CNA metrics in the record below)
EPSS score ?
Summary
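Mismatched Memory Management Routines in Wireshark (CWE-762): Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file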
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:01:57.363Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-21.html" }, { "name": "GitLab Issue #19105", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19105" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3648", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T14:06:24.856856Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T14:23:49.245Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.0.7", "status": "affected", "version": "4.0.0", "versionType": "custom" }, { "lessThan": "3.6.15", "status": "affected", "version": "3.6.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-762", "description": "CWE-762: Mismatched Memory 
Management Routines", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-14T06:16:33.827Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-21.html" }, { "name": "GitLab Issue #19105", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19105" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.0.7, 3.6.15 or above." } ], "title": "Mismatched Memory Management Routines in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-3648", "datePublished": "2023-07-14T06:16:33.827Z", "dateReserved": "2023-07-13T02:20:56.371Z", "dateUpdated": "2024-10-23T14:23:49.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0583
Vulnerability from cvelistv5
Published
2022-02-14 00:00
Modified
2024-08-02 23:32
Severity: 6.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, from the CNA metrics in the record below)
EPSS score ?
Summary
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2022-03.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17840" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0583.json" }, { "name": "FEDORA-2022-5a3603afe0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/" }, { "name": "FEDORA-2022-e29665a42b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.2" }, { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.12" } ] } ], "credits": [ { "lang": "en", "value": "Sharon Brizinov" } ], "descriptions": [ { "lang": "en", "value": "Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer over-read in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2022-03.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17840" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0583.json" }, { "name": "FEDORA-2022-5a3603afe0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/" }, { "name": "FEDORA-2022-e29665a42b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-0583", "datePublished": "2022-02-14T00:00:00", "dateReserved": "2022-02-14T00:00:00", "dateUpdated": "2024-08-02T23:32:46.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39925
Vulnerability from cvelistv5
Published
2021-11-19 00:00
Modified
2024-08-04 02:20
Severity: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, from the CNA metrics in the record below)
EPSS score ?
Summary
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:20:34.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-09.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17635" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39925.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" }, { "status": "affected", "version": "\u003e=3.2.0, \u003c3.2.18" } ] } ], "credits": [ { "lang": "en", "value": "Doneing" } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-09.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17635" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39925.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-39925", "datePublished": "2021-11-19T00:00:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": 
"2024-08-04T02:20:34.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2855
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 06:33
Summary
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-12.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19062" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2855.json" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.6" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.14" } ] } ], "credits": [ { "lang": "en", "value": "Huascar Tejeda" } ], "descriptions": [ { "lang": "en", "value": "Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer over-read in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-17T06:06:34.910049", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-12.html" }, 
{ "url": "https://gitlab.com/wireshark/wireshark/-/issues/19062" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2855.json" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-2855", "datePublished": "2023-05-26T00:00:00", "dateReserved": "2023-05-24T00:00:00", "dateUpdated": "2024-08-02T06:33:05.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3649
Vulnerability from cvelistv5
Published
2023-07-14 06:16
Modified
2024-10-22 14:51
Summary
Buffer Over-read in Wireshark
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:01:56.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-22.html" }, { "name": "GitLab Issue #19164", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19164" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3649", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T14:47:51.860968Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T14:51:22.317Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.0.7", "status": "affected", "version": "4.0.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-14T06:16:45.767Z", "orgId": 
"ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-22.html" }, { "name": "GitLab Issue #19164", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19164" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 4.0.7 or above." } ], "title": "Buffer Over-read in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-3649", "datePublished": "2023-07-14T06:16:45.767Z", "dateReserved": "2023-07-13T02:21:11.517Z", "dateUpdated": "2024-10-22T14:51:22.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4513
Vulnerability from cvelistv5
Published
2023-08-24 06:30
Modified
2024-08-29 15:04
Summary
Missing Release of Memory after Effective Lifetime in Wireshark
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:31:05.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-25.html" }, { "name": "GitLab Issue #19259", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19259" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.0.8", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "lessThan": "3.6.16", "status": "affected", "version": "3.6.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Chenyuan Mi" } ], "descriptions": [ { "lang": "en", "value": "BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401: Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:49.769Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-25.html" }, { "name": "GitLab Issue #19259", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19259" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 4.0.8, 3.6.16 or above." } ], "title": "Missing Release of Memory after Effective Lifetime in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-4513", "datePublished": "2023-08-24T06:30:50.727Z", "dateReserved": "2023-08-24T06:30:35.789Z", "dateUpdated": "2024-08-29T15:04:49.769Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0211
Vulnerability from cvelistv5
Published
2024-01-03 07:31
Modified
2024-10-03 06:23
Summary
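Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Note: the record below lists 4.2.0 as affected and bounds the range with `lessThan` 4.2.1, yet its `solutions` text says "Upgrade to versions 4.2.0 or above"; going by the affected range, the upgrade target is 4.2.1 or later.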
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:16.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html" }, { "name": "GitLab Issue #19557", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19557" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.1", "status": "affected", "version": "4.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-03T06:23:17.810Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html" }, { "name": "GitLab Issue #19557", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19557" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.0 or above." 
} ], "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-0211", "datePublished": "2024-01-03T07:31:30.639Z", "dateReserved": "2024-01-03T07:31:05.652Z", "dateUpdated": "2024-10-03T06:23:17.810Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0209
Vulnerability from cvelistv5
Published
2024-01-03 07:31
Modified
2024-08-29 15:04
Summary
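NULL Pointer Dereference in Wireshark
Note: the `solutions` text in the record below names 4.2.0 as an upgrade target, but the same record lists 4.2.0 as affected (`lessThan` 4.2.1); going by the affected ranges, the fixed releases are 4.2.1, 4.0.12 and 3.6.20.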
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:16.020Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2024-02.html" }, { "name": "GitLab Issue #19501", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19501" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.1", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThan": "4.0.12", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "lessThan": "3.6.20", "status": "affected", "version": "3.6.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Han Zheng" } ], "descriptions": [ { "lang": "en", "value": "IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:54.035Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-02.html" }, { "name": 
"GitLab Issue #19501", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19501" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.0, 4.0.12, 3.6.20 or above." } ], "title": "NULL Pointer Dereference in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-0209", "datePublished": "2024-01-03T07:31:20.633Z", "dateReserved": "2024-01-03T07:30:55.666Z", "dateUpdated": "2024-08-29T15:04:54.035Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0208
Vulnerability from cvelistv5
Published
2024-01-03 07:31
Modified
2024-11-14 18:40
Summary
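Improper Handling of Missing Values in Wireshark
Note: the `solutions` text in the record below names 4.2.0 as an upgrade target, but the same record lists 4.2.0 as affected (`lessThan` 4.2.1); going by the affected ranges, the fixed releases are 4.2.1, 4.0.12 and 3.6.20.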
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:15.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2024-01.html" }, { "name": "GitLab Issue #19496", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19496" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-0208", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-14T18:39:20.513436Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-14T18:40:14.889Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.1", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThan": "4.0.12", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "lessThan": "3.6.20", "status": "affected", "version": "3.6.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file" } ], "metrics": 
[ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-230", "description": "CWE-230: Improper Handling of Missing Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-03T06:23:17.720Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-01.html" }, { "name": "GitLab Issue #19496", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19496" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.0, 4.0.12, 3.6.20 or above." } ], "title": "Improper Handling of Missing Values in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-0208", "datePublished": "2024-01-03T07:31:15.641Z", "dateReserved": "2024-01-03T07:30:50.652Z", "dateUpdated": "2024-11-14T18:40:14.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8250
Vulnerability from cvelistv5
Published
2024-08-28 23:30
Modified
2024-08-29 15:05
Summary
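Expired Pointer Dereference in Wireshark
Note: the description in the record below gives the first range as "4.2.0 to 4.0.6"; the `affected` entries (4.2.0 up to but excluding 4.2.7, and 4.0.0 up to but excluding 4.0.17) indicate it should read 4.2.0 to 4.2.6. The `solutions` text names only 4.2.7; per the same entries, the 4.0 branch is fixed in 4.0.17.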
References
▼ | URL | Tags |
---|---|---|
https://www.wireshark.org/security/wnpa-sec-2024-11.html | ||
https://gitlab.com/wireshark/wireshark/-/issues/19943 | issue-tracking, permissions-required |
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "wireshark", "vendor": "wireshark", "versions": [ { "lessThan": "4.2.7", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThan": "4.0.17", "status": "affected", "version": "4.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-8250", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-29T13:47:07.749261Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T13:49:00.376Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.7", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThan": "4.0.17", "status": "affected", "version": "4.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-825", "description": "CWE-825: Expired Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { 
"dateUpdated": "2024-08-29T15:05:01.394Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-11.html" }, { "name": "GitLab Issue #19943", "tags": [ "issue-tracking", "permissions-required" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19943" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.7 or above." } ], "title": "Expired Pointer Dereference in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-8250", "datePublished": "2024-08-28T23:30:36.975Z", "dateReserved": "2024-08-27T23:30:38.599Z", "dateUpdated": "2024-08-29T15:05:01.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-9780
Vulnerability from cvelistv5
Published
2024-10-10 06:30
Modified
2024-10-10 14:39
Summary
Missing Initialization of a Variable in Wireshark
References
▼ | URL | Tags |
---|---|---|
https://www.wireshark.org/security/wnpa-sec-2024-12.html | ||
https://gitlab.com/wireshark/wireshark/-/issues/20026 | issue-tracking, permissions-required |
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "wireshark", "vendor": "wireshark", "versions": [ { "lessThan": "4.4.1", "status": "affected", "version": "4.4.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-9780", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T14:39:03.134487Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T14:39:44.522Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.4.1", "status": "affected", "version": "4.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-456", "description": "CWE-456: Missing Initialization of a Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-10T06:30:49.710Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-12.html" }, { "name": "GitLab 
Issue #20026", "tags": [ "issue-tracking", "permissions-required" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20026" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 4.4.1 or above." } ], "title": "Missing Initialization of a Variable in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-9780", "datePublished": "2024-10-10T06:30:49.710Z", "dateReserved": "2024-10-10T06:30:39.935Z", "dateUpdated": "2024-10-10T14:39:44.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3725
Vulnerability from cvelistv5
Published
2022-10-27 00:00
Modified
2024-08-03 01:20
Summary
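Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file
Note: this summary includes 3.6.8 in the affected range, while the record's `versions` field below reads `>=3.6.0, <3.6.8`, which excludes it; the two disagree, so confirm the first fixed release against the linked advisory (wnpa-sec-2022-07) before treating 3.6.8 as patched.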
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2022-07.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18378" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3725.json" }, { "name": "FEDORA-2022-cf9ae8e4ff", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIEIFFZ27YKCTK5C2VT4OEQSHPQDBNSF/" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.8" } ] } ], "credits": [ { "lang": "en", "value": "Qiuhao Li of Zoom Video Communications, Inc." 
} ], "descriptions": [ { "lang": "en", "value": "Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-17T06:06:28.328962", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2022-07.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18378" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3725.json" }, { "name": "FEDORA-2022-cf9ae8e4ff", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIEIFFZ27YKCTK5C2VT4OEQSHPQDBNSF/" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-3725", "datePublished": "2022-10-27T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-08-03T01:20:57.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8645
Vulnerability from cvelistv5
Published
2024-09-10 10:02
Modified
2024-09-10 14:00
Summary
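Access of Uninitialized Pointer in Wireshark
Note: the description in the record below gives the first range as "4.2.0 to 4.0.5"; the `affected` entries (4.2.0 up to but excluding 4.2.6, and 4.0.0 up to but excluding 4.0.16) indicate it should read 4.2.0 to 4.2.5.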
References
▼ | URL | Tags |
---|---|---|
https://www.wireshark.org/security/wnpa-sec-2024-10.html | ||
https://gitlab.com/wireshark/wireshark/-/issues/19559 | issue-tracking, permissions-required |
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "wireshark", "vendor": "wireshark", "versions": [ { "lessThan": "4.0.16", "status": "affected", "version": "4.0.0", "versionType": "custom" }, { "lessThan": "4.2.6", "status": "affected", "version": "4.2.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-8645", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T13:58:18.674075Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T14:00:16.376Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.6", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThan": "4.0.16", "status": "affected", "version": "4.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824: Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { 
"dateUpdated": "2024-09-10T10:02:16.798Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-10.html" }, { "name": "GitLab Issue #19559", "tags": [ "issue-tracking", "permissions-required" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19559" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.6, 4.0.16 or above." } ], "title": "Access of Uninitialized Pointer in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-8645", "datePublished": "2024-09-10T10:02:16.798Z", "dateReserved": "2024-09-10T08:30:41.559Z", "dateUpdated": "2024-09-10T14:00:16.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39921
Vulnerability from cvelistv5
Published
2021-11-19 00:00
Modified
2024-08-04 02:20
Summary
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:20:34.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-14.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17703" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39921.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" }, { "status": "affected", "version": "\u003e=3.2.0, \u003c3.2.18" } ] } ], "descriptions": [ { "lang": "en", "value": "NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Null pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-14.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17703" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39921.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-39921", "datePublished": "2021-11-19T00:00:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2024-08-04T02:20:34.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2856
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 06:33
Summary
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-16.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19083" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2856.json" }, { "name": "[debian-lts-announce] 20230603 [SECURITY] [DLA 3443-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.6" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.14" } ] } ], "credits": [ { "lang": "en", "value": "Huascar Tejeda" } ], "descriptions": [ { "lang": "en", "value": "VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer over-read in Wireshark", "lang": "en", "type": "text" } ] } ], 
"providerMetadata": { "dateUpdated": "2023-09-17T06:06:23.392046", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-16.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/19083" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2856.json" }, { "name": "[debian-lts-announce] 20230603 [SECURITY] [DLA 3443-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-2856", "datePublished": "2023-05-26T00:00:00", "dateReserved": "2023-05-24T00:00:00", "dateUpdated": "2024-08-02T06:33:05.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2906
Vulnerability from cvelistv5
Published
2023-08-25 20:41
Modified
2024-10-02 14:37
Summary
Wireshark CP2179 divide by zero
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:41:04.072Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "exploit", "third-party-advisory", "technical-description", "x_transferred" ], "url": "https://takeonme.org/cves/CVE-2023-2906.html" }, { "tags": [ "patch", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19229" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2906", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-02T14:36:28.624729Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-02T14:37:16.471Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThanOrEqual": "4.0.7", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "zenofex" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "WanderingGlitch" }, { "lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", 
"value": "AHA!" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.\u003c/span\u003e\u003cbr\u003e" } ], "value": "Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-369", "description": "CWE-369 Divide By Zero", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-25T20:41:19.403Z", "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA" }, "references": [ { "tags": [ "exploit", "third-party-advisory", "technical-description" ], "url": "https://takeonme.org/cves/CVE-2023-2906.html" }, { "tags": [ "patch" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19229" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Wireshark CP2179 divide by zero", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "assignerShortName": "AHA", "cveId": "CVE-2023-2906", "datePublished": "2023-08-25T20:41:19.403Z", "dateReserved": "2023-05-26T00:46:14.391Z", "dateUpdated": "2024-10-02T14:37:16.471Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2955
Vulnerability from cvelistv5
Published
2024-03-26 20:02
Modified
2024-08-29 15:04
Summary
Mismatched Memory Management Routines in Wireshark
References
▼ | URL | Tags |
---|---|---|
https://www.wireshark.org/security/wnpa-sec-2024-06.html | broken-link |
https://gitlab.com/wireshark/wireshark/-/issues/19695 | issue-tracking |
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wireshark", "vendor": "wireshark", "versions": [ { "lessThan": "4.2.4", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThan": "4.0.14", "status": "affected", "version": "4.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-2955", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-17T11:38:47.749899Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T17:41:37.806Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:32:42.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "broken-link", "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2024-06.html" }, { "name": "GitLab Issue #19695", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19695" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZD2MNS6EW2K2SSMN4YBGPZCC47KBDNEE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7TWJQKXOV4HYI5C4TWRKTN7B5YL7GTU/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.4", "status": "affected", "version": "4.2.0", "versionType": "semver" }, { "lessThan": "4.0.14", "status": "affected", "version": "4.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", 
"value": "T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-762", "description": "CWE-762: Mismatched Memory Management Routines", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:56.788Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "tags": [ "broken-link" ], "url": "https://www.wireshark.org/security/wnpa-sec-2024-06.html" }, { "name": "GitLab Issue #19695", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19695" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.4 or above." } ], "title": "Mismatched Memory Management Routines in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-2955", "datePublished": "2024-03-26T20:02:08.419Z", "dateReserved": "2024-03-26T19:02:07.653Z", "dateUpdated": "2024-08-29T15:04:56.788Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4184
Vulnerability from cvelistv5
Published
2021-12-30 00:00
Modified
2024-08-03 17:16
Summary
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-18.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17754" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4184.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "=3.6.0" }, { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, 
"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-18.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17754" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4184.json" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-4184", "datePublished": "2021-12-30T00:00:00", "dateReserved": "2021-12-27T00:00:00", "dateUpdated": "2024-08-03T17:16:04.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0417
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Summary
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-02.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18628" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0417.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Uncontrolled memory allocation in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-02.html" }, { "url": 
"https://gitlab.com/wireshark/wireshark/-/issues/18628" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0417.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0417", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:56.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6175
Vulnerability from cvelistv5
Published
2024-03-26 07:30
Modified
2024-08-29 15:04
Summary
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.714Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-29.html" }, { "name": "GitLab Issue #19404", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19404" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wireshark", "vendor": "wireshark", "versions": [ { "lessThan": "4.0.11", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "lessThan": "3.6.19", "status": "affected", "version": "3.6.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-6175", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-06T14:19:21.744161Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-06T16:03:26.551Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.0.11", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "lessThan": "3.6.19", "status": "affected", "version": "3.6.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Anonymous working with Trend Micro Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "value": "NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": 
"HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:52.444Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-29.html" }, { "name": "GitLab Issue #19404", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19404" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.0.11, 3.6.19 or above." } ], "title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-6175", "datePublished": "2024-03-26T07:30:49.763Z", "dateReserved": "2023-11-16T11:30:45.732Z", "dateUpdated": "2024-08-29T15:04:52.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1992
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 06:05
Summary
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:27.084Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-09.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18852" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1992.json" }, { "name": "FEDORA-2023-f70fbf64cb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT/" }, { "name": "FEDORA-2023-203eff67e0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFJERBHVWYLYWXO2B3V47QH66IEB6EZ3/" }, { "name": "FEDORA-2023-7af3ad9ffe", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2/" }, { "name": "[debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.5" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.13" } ] } ], "descriptions": [ { "lang": "en", "value": "RPCoRDMA dissector crash in 
Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer over-read in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-17T06:06:13.063626", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-09.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18852" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1992.json" }, { "name": "FEDORA-2023-f70fbf64cb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT/" }, { "name": "FEDORA-2023-203eff67e0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFJERBHVWYLYWXO2B3V47QH66IEB6EZ3/" }, { "name": "FEDORA-2023-7af3ad9ffe", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2/" }, { "name": "[debian-lts-announce] 20230429 [SECURITY] [DLA 3402-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ 
"vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-1992", "datePublished": "2023-04-12T00:00:00", "dateReserved": "2023-04-11T00:00:00", "dateUpdated": "2024-08-02T06:05:27.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0210
Vulnerability from cvelistv5
Published
2024-01-03 07:31
Modified
2024-08-29 15:04
Severity ?
EPSS score ?
Summary
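Uncontrolled Recursion in Wireshark (Zigbee TLV dissector crash in Wireshark 4.2.0, denial of service via packet injection or crafted capture file). Note: the record below marks 4.2.0 as affected and versions from 4.2.1 as unaffected, but its "solutions" text says "Upgrade to versions 4.2.0 or above"; go by the affected range and confirm the fixed release against wnpa-sec-2024-04.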
References
Impacted products
| Vendor | Product |
|---|---|
| Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:15.996Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2024-04.html" }, { "name": "GitLab Issue #19504", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19504" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.1", "status": "affected", "version": "4.2.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Han Zheng" } ], "descriptions": [ { "lang": "en", "value": "Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-674", "description": "CWE-674: Uncontrolled Recursion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:54.121Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-04.html" }, { "name": "GitLab Issue #19504", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19504" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.0 or above." 
} ], "title": "Uncontrolled Recursion in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-0210", "datePublished": "2024-01-03T07:31:25.644Z", "dateReserved": "2024-01-03T07:31:00.647Z", "dateUpdated": "2024-08-29T15:04:54.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4186
Vulnerability from cvelistv5
Published
2021-12-30 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
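Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. Note: the record's machine-readable affected range is ">=3.4.0, <3.4.10", which excludes 3.4.10 and so disagrees with this description; version-matching tools that consume the range may miss 3.4.10, so confirm the fixed release against wnpa-sec-2021-16.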
References
Impacted products
| Vendor | Product |
|---|---|
| Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-16.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17737" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4186.json" }, { "name": "FEDORA-2022-a3d70b50f0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": 
"NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Null pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-16.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17737" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4186.json" }, { "name": "FEDORA-2022-a3d70b50f0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/" }, { "name": "FEDORA-2022-1daf93c51d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/" }, { "name": "FEDORA-2022-30411cb3c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/" }, { "name": "FEDORA-2022-48b86d586f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-4186", "datePublished": "2021-12-30T00:00:00", "dateReserved": "2021-12-27T00:00:00", 
"dateUpdated": "2024-08-03T17:16:04.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0581
Vulnerability from cvelistv5
Published
2022-02-14 00:00
Modified
2024-08-02 23:32
Severity ?
EPSS score ?
Summary
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
References
Impacted products
| Vendor | Product |
|---|---|
| Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2022-05.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17935" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0581.json" }, { "name": "FEDORA-2022-5a3603afe0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/" }, { "name": "FEDORA-2022-e29665a42b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.2" }, { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.12" } ] } ], "credits": [ { "lang": "en", "value": "TODO" } ], "descriptions": [ { "lang": "en", "value": "Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Missing release of memory after effective lifetime in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2022-05.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17935" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0581.json" }, { "name": "FEDORA-2022-5a3603afe0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/" }, { "name": "FEDORA-2022-e29665a42b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/" }, { "name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-0581", "datePublished": "2022-02-14T00:00:00", "dateReserved": "2022-02-14T00:00:00", "dateUpdated": "2024-08-02T23:32:46.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2858
Vulnerability from cvelistv5
Published
2023-05-26 00:00
Modified
2024-08-02 06:33
Severity ?
EPSS score ?
Summary
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
References
Impacted products
| Vendor | Product |
|---|---|
| Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-15.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19081" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2858.json" }, { "name": "[debian-lts-announce] 20230603 [SECURITY] [DLA 3443-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.6" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.14" } ] } ], "credits": [ { "lang": "en", "value": "Huascar Tejeda" } ], "descriptions": [ { "lang": "en", "value": "NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer over-read in Wireshark", "lang": "en", "type": "text" } ] } ], 
"providerMetadata": { "dateUpdated": "2023-09-17T06:06:18.422481", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-15.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/19081" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2858.json" }, { "name": "[debian-lts-announce] 20230603 [SECURITY] [DLA 3443-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html" }, { "name": "DSA-5429", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "name": "GLSA-202309-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-02" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-2858", "datePublished": "2023-05-26T00:00:00", "dateReserved": "2023-05-24T00:00:00", "dateUpdated": "2024-08-02T06:33:05.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0668
Vulnerability from cvelistv5
Published
2023-06-07 02:32
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
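Wireshark IEEE-C37.118 parsing buffer overflow. Note: the title and description call this a heap-based buffer overflow with possible code execution, while the record classifies it as CWE-125 (out-of-bounds read) and CAPEC-540 (overread buffers) and carries no CVSS metrics; the record lists 4.0.6 and 3.6.14 as unaffected, although the description names only "4.0.5 and prior".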
References
| URL | Tags |
|---|---|
| https://takeonme.org/cves/CVE-2023-0668.html | third-party-advisory |
| https://gitlab.com/wireshark/wireshark/-/issues/19087 | issue-tracking |
| https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html | release-notes |
| https://www.wireshark.org/security/wnpa-sec-2023-19.html | vendor-advisory |
| https://www.debian.org/security/2023/dsa-5429 | |
| https://security.gentoo.org/glsa/202309-02 | |
Impacted products
| Vendor | Product |
|---|---|
| Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.341Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://takeonme.org/cves/CVE-2023-0668.html" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19087" }, { "tags": [ "release-notes", "x_transferred" ], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5429" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThanOrEqual": "4.0.5", "status": "affected", "version": "4.0.0", "versionType": "semver" }, { "status": "unaffected", "version": "4.0.6" }, { "lessThanOrEqual": "3.6.13", "status": "affected", "version": "3.6.0", "versionType": "semver" }, { "status": "unaffected", "version": "3.6.14" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "zenofex" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "WanderingGlitch" }, { "lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Austin Hackers Anonymous!" 
} ], "datePublic": "2023-05-22T19:04:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark." } ], "value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark." } ], "impacts": [ { "capecId": "CAPEC-540", "descriptions": [ { "lang": "en", "value": "CAPEC-540 Overread Buffers" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-08T13:00:53.650Z", "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://takeonme.org/cves/CVE-2023-0668.html" }, { "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19087" }, { "tags": [ "release-notes" ], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html" }, { "tags": [ "vendor-advisory" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html" }, { "url": "https://www.debian.org/security/2023/dsa-5429" }, { "url": "https://security.gentoo.org/glsa/202309-02" } ], "source": { "discovery": "EXTERNAL" }, "title": "Wireshark IEEE-C37.118 parsing buffer overflow", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "assignerShortName": "AHA", "cveId": "CVE-2023-0668", "datePublished": "2023-06-07T02:32:45.095Z", "dateReserved": 
"2023-02-03T22:08:47.155Z", "dateUpdated": "2024-08-02T05:17:50.341Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39926
Vulnerability from cvelistv5
Published
2021-11-19 00:00
Modified
2024-08-04 02:20
Severity ?
EPSS score ?
Summary
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
References
Impacted products
| Vendor | Product |
|---|---|
| Wireshark Foundation | Wireshark |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:20:34.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2021-08.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/17649" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39926.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=3.4.0, \u003c3.4.10" } ] } ], "credits": [ { "lang": "en", "value": "Doneing" } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-16T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2021-08.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/17649" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39926.json" }, { "name": "FEDORA-2021-97bd631e0a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/" }, { "name": "FEDORA-2021-3747cf6107", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/" }, { "name": "DSA-5019", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-5019" }, { "name": "GLSA-202210-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-04" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2021-39926", "datePublished": "2021-11-19T00:00:00", "dateReserved": "2021-08-23T00:00:00", "dateUpdated": "2024-08-04T02:20:34.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }