ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service

CVSS: 5.5 · CWE: CWE-476

View on NVD

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_export_objects MCP tool that accepts an attacker-controlled dest_dir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox (_allowed_dirs) is None b…

CVSS: 6.8 · CWE: CWE-22

View on NVD

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates o…

CVSS: 7.3 · CWE: CWE-77

View on NVD

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4

CVSS: 5.5 · CWE: CWE-476

View on NVD

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

CVSS: 7.0 · CWE: CWE-22

View on NVD

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

CVSS: 7.8 · CWE: CWE-122

View on NVD

K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 4.7 · CWE: CWE-120

View on NVD

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

CVSS: 7.8 · CWE: CWE-122

View on NVD

GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-824

View on NVD

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-1325

View on NVD

SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-1325

View on NVD

BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-121

View on NVD

ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-121

View on NVD

DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4

CVSS: 5.5 · CWE: CWE-835

View on NVD

Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-1325

View on NVD

USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-1325

View on NVD

Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-126

View on NVD

SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-122

View on NVD

iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-122

View on NVD

TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-674

View on NVD

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4

CVSS: 5.5 · CWE: CWE-476

View on NVD

MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-824

View on NVD

GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-415

View on NVD

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service

CVSS: 5.5 · CWE: CWE-416

View on NVD

AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-121

View on NVD

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-122

View on NVD

Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-674

View on NVD

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-674

View on NVD

SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-674

View on NVD

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

CVSS: 8.8 · CWE: CWE-122

View on NVD

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-674

View on NVD

ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-674

View on NVD

UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS: 5.5 · CWE: CWE-121

View on NVD

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. The proprietary format used by WebCTRL to receive updates from the PLC can also be sniffed and reve…

CVSS: 9.1 · CWE: CWE-319

View on NVD

RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

CVSS: 5.5 · CWE: CWE-126

View on NVD

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service

CVSS: 4.7 · CWE: CWE-476

View on NVD

USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

CVSS: 4.7 · CWE: CWE-1325

View on NVD

SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

CVSS: 5.3 · CWE: CWE-787

View on NVD

BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

CVSS: 5.5 · CWE: CWE-787

View on NVD

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service

CVSS: 4.7 · CWE: CWE-835

View on NVD

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

CVSS: 5.3 · CWE: CWE-787

View on NVD

MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

CVSS: 5.5 · CWE: CWE-1325

View on NVD

BPv7 dissector crash in Wireshark 4.6.0 allows denial of service

CVSS: 5.5 · CWE: CWE-824

View on NVD

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service

CVSS: 7.8 · CWE: CWE-824

View on NVD

MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service

CVSS: 5.5 · CWE: CWE-835

View on NVD

SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service

CVSS: 7.8 · CWE: CWE-476

View on NVD

Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-120

View on NVD

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-674

View on NVD

ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-126

View on NVD

FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-835

View on NVD

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-230

View on NVD

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-456

View on NVD

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file

CVSS: 5.5 · CWE: CWE-824

View on NVD

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-825

View on NVD

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

CVSS: 6.4 · CWE: CWE-835

View on NVD

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-762

View on NVD

NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file

CVSS: 7.8 · CWE: CWE-120

View on NVD

A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

CVSS: 7.5 · CWE: CWE-120

View on NVD

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

CVSS: 7.5 · CWE: CWE-119

View on NVD

An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

CVSS: 7.5 · CWE: CWE-680

View on NVD

DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-835

View on NVD

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-674

View on NVD

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-476

View on NVD

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-230

View on NVD

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 · CWE: CWE-125

View on NVD

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file

CVSS: 6.3 · CWE: CWE-125

View on NVD

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file

CVSS: 5.3 · CWE: CWE-789

View on NVD

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.

CVSS: 6.5 · CWE: CWE-369

View on NVD

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

CVSS: 5.3 · CWE: CWE-401

View on NVD

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

CVSS: 5.3 · CWE: CWE-674

View on NVD

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

CVSS: 5.3 · CWE: CWE-835

View on NVD

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

CVSS: 5.3 · CWE: CWE-126

View on NVD

Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file

CVSS: 5.3 · CWE: CWE-762

View on NVD

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

CVSS: 6.5 · CWE: CWE-125

View on NVD

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark

CVSS: 6.5 · CWE: CWE-122

View on NVD

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

CVSS: 6.5 · CWE: CWE-122

View on NVD

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVSS: 5.3 · CWE: CWE-835

View on NVD

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVSS: 6.3 · CWE: CWE-835

View on NVD

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVSS: 5.3 · CWE: CWE-787

View on NVD

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVSS: 5.3 · CWE: CWE-787

View on NVD

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVSS: 5.3 · CWE: CWE-787

View on NVD

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVSS: 5.3 · CWE: CWE-787

View on NVD

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVSS: 5.3 · CWE: CWE-787

View on NVD

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVSS: 6.3 · CWE: CWE-400

View on NVD

LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVSS: 6.3 · CWE: CWE-834

View on NVD

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVSS: 6.3 · CWE: CWE-400

View on NVD

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file

CVSS: 6.3 · CWE: CWE-120

View on NVD

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVSS: 6.3 · CWE: CWE-404

View on NVD

GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVSS: 6.3 · CWE: CWE-404

View on NVD