RSS   Vulnerabilities for 'Wireshark'   RSS

2021-03-15
 
CVE-2021-22191

CWE-74
 

 
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.

 
2021-02-17
 
CVE-2021-22174

CWE-400
 

 
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

 
 
CVE-2021-22173

CWE-401
 

 
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

 
2020-12-21
 
CVE-2020-26422

CWE-120
 

 
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

 
2020-12-11
 
CVE-2020-26421

CWE-125
 

 
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

 
 
CVE-2020-26420

CWE-401
 

 
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

 
 
CVE-2020-26419

CWE-401
 

 
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.

 
 
CVE-2020-26418

CWE-401
 

 
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

 
2020-10-06
 
CVE-2020-25866

CWE-476
 

 
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

 
 
CVE-2020-25863

NVD-CWE-noinfo
 

 
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

 


Copyright 2021, cxsecurity.com

 

Back to Top