Search criteria
1487 vulnerabilities found for Wireshark by Wireshark
CERTFR-2026-AVI-0048
Vulnerability from certfr_avis - Published: 2026-01-15 - Updated: 2026-01-15
De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.6.x ant\u00e9rieures \u00e0 4.6.3",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
},
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.13",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2026-01-15T00:00:00",
"last_revision_date": "2026-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0048",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Wireshark. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Wireshark",
"vendor_advisories": [
{
"published_at": "2026-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-02",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-02.html"
},
{
"published_at": "2026-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-03",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-03.html"
},
{
"published_at": "2026-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-04",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-04.html"
},
{
"published_at": "2026-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2026-01",
"url": "https://www.wireshark.org/security/wnpa-sec-2026-01.html"
}
]
}
CERTFR-2025-AVI-1062
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.12",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
},
{
"description": "Wireshark versions 4.6.x ant\u00e9rieures \u00e0 4.6.2",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-13946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13946"
},
{
"name": "CVE-2025-13945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13945"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1062",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Wireshark. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Wireshark",
"vendor_advisories": [
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-08",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-08.html"
},
{
"published_at": "2025-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-07",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-07.html"
}
]
}
CERTFR-2025-AVI-1026
Vulnerability from certfr_avis - Published: 2025-11-20 - Updated: 2025-11-20
De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.11",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
},
{
"description": "Wireshark versions 4.6.x ant\u00e9rieures \u00e0 4.6.1",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-11-20T00:00:00",
"last_revision_date": "2025-11-20T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1026",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Wireshark. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Wireshark",
"vendor_advisories": [
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-06",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-05",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-05.html"
}
]
}
CERTFR-2025-AVI-0857
Vulnerability from certfr_avis - Published: 2025-10-09 - Updated: 2025-10-09
Une vulnérabilité a été découverte dans Wireshark. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.2.x ant\u00e9rieures \u00e0 4.2.14",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
},
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.10",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-10-09T00:00:00",
"last_revision_date": "2025-10-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0857",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Wireshark. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Wireshark",
"vendor_advisories": [
{
"published_at": "2025-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-04",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-04.html"
}
]
}
CERTFR-2025-AVI-0741
Vulnerability from certfr_avis - Published: 2025-08-29 - Updated: 2025-08-29
Une vulnérabilité a été découverte dans Wireshark. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-08-29T00:00:00",
"last_revision_date": "2025-08-29T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0741",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Wireshark. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Wireshark",
"vendor_advisories": [
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-03",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-03.html"
}
]
}
CERTFR-2025-AVI-0478
Vulnerability from certfr_avis - Published: 2025-06-05 - Updated: 2025-06-05
Une vulnérabilité a été découverte dans Wireshark. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Wireshark versions 4.4.x ant\u00e9rieures \u00e0 4.4.7",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
},
{
"description": "Wireshark versions 4.2.x ant\u00e9rieures \u00e0 4.2.12",
"product": {
"name": "Wireshark",
"vendor": {
"name": "Wireshark",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-5601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5601"
}
],
"initial_release_date": "2025-06-05T00:00:00",
"last_revision_date": "2025-06-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0478",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Wireshark. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Wireshark",
"vendor_advisories": [
{
"published_at": "2025-06-05",
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2025-02",
"url": "https://www.wireshark.org/security/wnpa-sec-2025-02.html"
}
]
}
CVE-2026-0962 (GCVE-0-2026-0962)
Vulnerability from nvd – Published: 2026-01-14 20:23 – Updated: 2026-01-14 21:11
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
Credits
Fatih Çelik
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0962",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:11:03.243903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:11:23.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fatih \u00c7elik"
}
],
"descriptions": [
{
"lang": "en",
"value": "SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T20:23:38.829Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-03.html"
},
{
"name": "GitLab Issue #20945",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20945"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0962",
"datePublished": "2026-01-14T20:23:38.829Z",
"dateReserved": "2026-01-14T20:14:11.634Z",
"dateUpdated": "2026-01-14T21:11:23.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0961 (GCVE-0-2026-0961)
Vulnerability from nvd – Published: 2026-01-14 20:23 – Updated: 2026-01-14 21:08
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0961",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:08:01.416044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:08:38.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T20:23:48.832Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-01.html"
},
{
"name": "GitLab Issue #20880",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20880"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0961",
"datePublished": "2026-01-14T20:23:48.832Z",
"dateReserved": "2026-01-14T20:14:06.637Z",
"dateUpdated": "2026-01-14T21:08:38.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0960 (GCVE-0-2026-0960)
Vulnerability from nvd – Published: 2026-01-14 20:23 – Updated: 2026-01-14 21:15
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service
Severity ?
4.7 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
|
Credits
Tom Needham
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0960",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:15:29.789821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:15:57.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tom Needham"
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T20:23:33.849Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-04.html"
},
{
"name": "GitLab Issue #20944",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20944"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0960",
"datePublished": "2026-01-14T20:23:33.849Z",
"dateReserved": "2026-01-14T20:14:02.922Z",
"dateUpdated": "2026-01-14T21:15:57.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0959 (GCVE-0-2026-0959)
Vulnerability from nvd – Published: 2026-01-14 20:23 – Updated: 2026-01-14 21:18
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
Credits
OSS-Fuzz
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0959",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:18:08.229135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:18:44.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "OSS-Fuzz"
}
],
"descriptions": [
{
"lang": "en",
"value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T20:23:28.986Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-02.html"
},
{
"name": "GitLab Issue #20939",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20939"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0959",
"datePublished": "2026-01-14T20:23:28.986Z",
"dateReserved": "2026-01-14T20:13:56.850Z",
"dateUpdated": "2026-01-14T21:18:44.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13946 (GCVE-0-2025-13946)
Vulnerability from nvd – Published: 2025-12-03 08:04 – Updated: 2025-12-03 14:28
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.1
(semver)
Affected: 4.4.0 , < 4.4.11 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:28:11.099019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:28:19.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.11",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T08:04:54.335Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-08.html"
},
{
"name": "GitLab Issue #20884",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20884"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.2, 4.4.12, or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13946",
"datePublished": "2025-12-03T08:04:54.335Z",
"dateReserved": "2025-12-03T07:33:42.822Z",
"dateUpdated": "2025-12-03T14:28:19.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13945 (GCVE-0-2025-13945)
Vulnerability from nvd – Published: 2025-12-03 08:04 – Updated: 2025-12-03 15:59
VLAI?
Title
Improperly Controlled Sequential Memory Allocation in Wireshark
Summary
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-1325 - Improperly Controlled Sequential Memory Allocation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.1
(semver)
|
Credits
Sébastien Féry
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:59:21.378576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:59:28.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "S\u00e9bastien F\u00e9ry"
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1325",
"description": "CWE-1325: Improperly Controlled Sequential Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T08:04:49.403Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-07.html"
},
{
"name": "GitLab Issue #20860",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20860"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.2 or above"
}
],
"title": "Improperly Controlled Sequential Memory Allocation in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13945",
"datePublished": "2025-12-03T08:04:49.403Z",
"dateReserved": "2025-12-03T07:33:37.960Z",
"dateUpdated": "2025-12-03T15:59:28.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13674 (GCVE-0-2025-13674)
Vulnerability from nvd – Published: 2025-11-26 11:33 – Updated: 2025-11-26 14:06
VLAI?
Title
Access of Uninitialized Pointer in Wireshark
Summary
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T14:06:08.560289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T14:06:22.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "4.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BPv7 dissector crash in Wireshark 4.6.0 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824: Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T11:33:39.916Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-05.html"
},
{
"name": "GitLab Issue #20770",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20770"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.1 or above"
}
],
"title": "Access of Uninitialized Pointer in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13674",
"datePublished": "2025-11-26T11:33:39.916Z",
"dateReserved": "2025-11-25T18:33:44.747Z",
"dateUpdated": "2025-11-26T14:06:22.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13499 (GCVE-0-2025-13499)
Vulnerability from nvd – Published: 2025-11-21 06:03 – Updated: 2025-12-11 15:34
VLAI?
Title
Access of Uninitialized Pointer in Wireshark
Summary
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service
Severity ?
7.8 (High)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0
Affected: 4.4.0 , < 4.4.11 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-22T04:55:20.177632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:34:55.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "4.6.0"
},
{
"lessThan": "4.4.11",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824: Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T06:03:52.020Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"
},
{
"name": "GitLab Issue #20823",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20823"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.1, 4.4.11, or above"
}
],
"title": "Access of Uninitialized Pointer in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13499",
"datePublished": "2025-11-21T06:03:52.020Z",
"dateReserved": "2025-11-21T05:33:17.924Z",
"dateUpdated": "2025-12-11T15:34:55.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11626 (GCVE-0-2025-11626)
Vulnerability from nvd – Published: 2025-10-10 22:33 – Updated: 2025-10-14 14:16
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.4.0 , < 4.4.10
(semver)
Affected: 4.2.0 , < 4.2.14 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T13:43:17.989074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:16:08.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.4.10",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.2.14",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T22:33:26.431Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-04.html"
},
{
"name": "GitLab Issue #20724",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20724"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.4.10, 4.2.14, or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-11626",
"datePublished": "2025-10-10T22:33:26.431Z",
"dateReserved": "2025-10-10T22:33:21.568Z",
"dateUpdated": "2025-10-14T14:16:08.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9817 (GCVE-0-2025-9817)
Vulnerability from nvd – Published: 2025-09-03 07:38 – Updated: 2025-09-04 03:55
VLAI?
Title
NULL Pointer Dereference in Wireshark
Summary
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service
Severity ?
7.8 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.4.0 , < 4.4.9
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T03:55:16.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.4.9",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T07:38:58.940Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-03.html"
},
{
"name": "GitLab Issue #20642",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20642"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.4.9 or above"
}
],
"title": "NULL Pointer Dereference in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-9817",
"datePublished": "2025-09-03T07:38:58.940Z",
"dateReserved": "2025-09-01T23:33:21.559Z",
"dateUpdated": "2025-09-04T03:55:16.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5601 (GCVE-0-2025-5601)
Vulnerability from nvd – Published: 2025-06-04 10:30 – Updated: 2025-06-04 13:14
VLAI?
Title
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
Summary
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file
Severity ?
7.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.4.0 , < 4.4.7
(semver)
Affected: 4.2.0 , < 4.2.13 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T13:13:50.312279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:14:01.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.4.7",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.2.13",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T10:30:46.001Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-02.html"
},
{
"name": "GitLab Issue #20509",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20509"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.4.7, 4.2.13 or above."
}
],
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-5601",
"datePublished": "2025-06-04T10:30:46.001Z",
"dateReserved": "2025-06-04T10:30:41.648Z",
"dateUpdated": "2025-06-04T13:14:01.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-0961 (GCVE-0-2026-0961)
Vulnerability from cvelistv5 – Published: 2026-01-14 20:23 – Updated: 2026-01-14 21:08
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0961",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:08:01.416044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:08:38.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T20:23:48.832Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-01.html"
},
{
"name": "GitLab Issue #20880",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20880"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0961",
"datePublished": "2026-01-14T20:23:48.832Z",
"dateReserved": "2026-01-14T20:14:06.637Z",
"dateUpdated": "2026-01-14T21:08:38.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0962 (GCVE-0-2026-0962)
Vulnerability from cvelistv5 – Published: 2026-01-14 20:23 – Updated: 2026-01-14 21:11
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
Credits
Fatih Çelik
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0962",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:11:03.243903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:11:23.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fatih \u00c7elik"
}
],
"descriptions": [
{
"lang": "en",
"value": "SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T20:23:38.829Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-03.html"
},
{
"name": "GitLab Issue #20945",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20945"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0962",
"datePublished": "2026-01-14T20:23:38.829Z",
"dateReserved": "2026-01-14T20:14:11.634Z",
"dateUpdated": "2026-01-14T21:11:23.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0960 (GCVE-0-2026-0960)
Vulnerability from cvelistv5 – Published: 2026-01-14 20:23 – Updated: 2026-01-14 21:15
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service
Severity ?
4.7 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
|
Credits
Tom Needham
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0960",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:15:29.789821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:15:57.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tom Needham"
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T20:23:33.849Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-04.html"
},
{
"name": "GitLab Issue #20944",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20944"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0960",
"datePublished": "2026-01-14T20:23:33.849Z",
"dateReserved": "2026-01-14T20:14:02.922Z",
"dateUpdated": "2026-01-14T21:15:57.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0959 (GCVE-0-2026-0959)
Vulnerability from cvelistv5 – Published: 2026-01-14 20:23 – Updated: 2026-01-14 21:18
VLAI?
Title
Out-of-bounds Write in Wireshark
Summary
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Severity ?
5.3 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.3
(semver)
Affected: 4.4.0 , < 4.4.13 (semver) |
Credits
OSS-Fuzz
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0959",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:18:08.229135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:18:44.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.13",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "OSS-Fuzz"
}
],
"descriptions": [
{
"lang": "en",
"value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T20:23:28.986Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2026-02.html"
},
{
"name": "GitLab Issue #20939",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20939"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.3 or above"
}
],
"title": "Out-of-bounds Write in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-0959",
"datePublished": "2026-01-14T20:23:28.986Z",
"dateReserved": "2026-01-14T20:13:56.850Z",
"dateUpdated": "2026-01-14T21:18:44.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13946 (GCVE-0-2025-13946)
Vulnerability from cvelistv5 – Published: 2025-12-03 08:04 – Updated: 2025-12-03 14:28
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.1
(semver)
Affected: 4.4.0 , < 4.4.11 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:28:11.099019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:28:19.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
},
{
"lessThan": "4.4.11",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T08:04:54.335Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-08.html"
},
{
"name": "GitLab Issue #20884",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20884"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.2, 4.4.12, or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13946",
"datePublished": "2025-12-03T08:04:54.335Z",
"dateReserved": "2025-12-03T07:33:42.822Z",
"dateUpdated": "2025-12-03T14:28:19.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13945 (GCVE-0-2025-13945)
Vulnerability from cvelistv5 – Published: 2025-12-03 08:04 – Updated: 2025-12-03 15:59
VLAI?
Title
Improperly Controlled Sequential Memory Allocation in Wireshark
Summary
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-1325 - Improperly Controlled Sequential Memory Allocation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0 , < 4.6.1
(semver)
|
Credits
Sébastien Féry
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:59:21.378576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:59:28.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "S\u00e9bastien F\u00e9ry"
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1325",
"description": "CWE-1325: Improperly Controlled Sequential Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T08:04:49.403Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-07.html"
},
{
"name": "GitLab Issue #20860",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20860"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.2 or above"
}
],
"title": "Improperly Controlled Sequential Memory Allocation in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13945",
"datePublished": "2025-12-03T08:04:49.403Z",
"dateReserved": "2025-12-03T07:33:37.960Z",
"dateUpdated": "2025-12-03T15:59:28.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13674 (GCVE-0-2025-13674)
Vulnerability from cvelistv5 – Published: 2025-11-26 11:33 – Updated: 2025-11-26 14:06
VLAI?
Title
Access of Uninitialized Pointer in Wireshark
Summary
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T14:06:08.560289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T14:06:22.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "4.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BPv7 dissector crash in Wireshark 4.6.0 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824: Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T11:33:39.916Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-05.html"
},
{
"name": "GitLab Issue #20770",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20770"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.1 or above"
}
],
"title": "Access of Uninitialized Pointer in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13674",
"datePublished": "2025-11-26T11:33:39.916Z",
"dateReserved": "2025-11-25T18:33:44.747Z",
"dateUpdated": "2025-11-26T14:06:22.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13499 (GCVE-0-2025-13499)
Vulnerability from cvelistv5 – Published: 2025-11-21 06:03 – Updated: 2025-12-11 15:34
VLAI?
Title
Access of Uninitialized Pointer in Wireshark
Summary
Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service
Severity ?
7.8 (High)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.6.0
Affected: 4.4.0 , < 4.4.11 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-22T04:55:20.177632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:34:55.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "4.6.0"
},
{
"lessThan": "4.4.11",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824: Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T06:03:52.020Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-06.html"
},
{
"name": "GitLab Issue #20823",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20823"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.6.1, 4.4.11, or above"
}
],
"title": "Access of Uninitialized Pointer in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-13499",
"datePublished": "2025-11-21T06:03:52.020Z",
"dateReserved": "2025-11-21T05:33:17.924Z",
"dateUpdated": "2025-12-11T15:34:55.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11626 (GCVE-0-2025-11626)
Vulnerability from cvelistv5 – Published: 2025-10-10 22:33 – Updated: 2025-10-14 14:16
VLAI?
Title
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Summary
MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service
Severity ?
5.5 (Medium)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.4.0 , < 4.4.10
(semver)
Affected: 4.2.0 , < 4.2.14 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T13:43:17.989074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:16:08.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.4.10",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.2.14",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T22:33:26.431Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-04.html"
},
{
"name": "GitLab Issue #20724",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20724"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.4.10, 4.2.14, or above"
}
],
"title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-11626",
"datePublished": "2025-10-10T22:33:26.431Z",
"dateReserved": "2025-10-10T22:33:21.568Z",
"dateUpdated": "2025-10-14T14:16:08.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9817 (GCVE-0-2025-9817)
Vulnerability from cvelistv5 – Published: 2025-09-03 07:38 – Updated: 2025-09-04 03:55
VLAI?
Title
NULL Pointer Dereference in Wireshark
Summary
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service
Severity ?
7.8 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.4.0 , < 4.4.9
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T03:55:16.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.4.9",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T07:38:58.940Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-03.html"
},
{
"name": "GitLab Issue #20642",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20642"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.4.9 or above"
}
],
"title": "NULL Pointer Dereference in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-9817",
"datePublished": "2025-09-03T07:38:58.940Z",
"dateReserved": "2025-09-01T23:33:21.559Z",
"dateUpdated": "2025-09-04T03:55:16.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5601 (GCVE-0-2025-5601)
Vulnerability from cvelistv5 – Published: 2025-06-04 10:30 – Updated: 2025-06-04 13:14
VLAI?
Title
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
Summary
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file
Severity ?
7.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wireshark Foundation | Wireshark |
Affected:
4.4.0 , < 4.4.7
(semver)
Affected: 4.2.0 , < 4.2.13 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T13:13:50.312279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:14:01.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThan": "4.4.7",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.2.13",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T10:30:46.001Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2025-02.html"
},
{
"name": "GitLab Issue #20509",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/20509"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 4.4.7, 4.2.13 or above."
}
],
"title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) in Wireshark"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2025-5601",
"datePublished": "2025-06-04T10:30:46.001Z",
"dateReserved": "2025-06-04T10:30:41.648Z",
"dateUpdated": "2025-06-04T13:14:01.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201706-0813
Vulnerability from variot - Updated: 2025-04-20 23:16In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in the \342\200\230dissect_IODWriteReq\342\200\231 function of the plugins/profinet/packet-dcerpc-pn-io.c file in Wireshark version 2.2.7. Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Wireshark 2.2.7 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0813",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireshark",
"scope": "eq",
"trust": 3.3,
"vendor": "wireshark",
"version": "2.2.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "debian linux",
"version": "8.0"
}
],
"sources": [
{
"db": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7"
},
{
"db": "CNVD",
"id": "CNVD-2017-16243"
},
{
"db": "BID",
"id": "99187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-950"
},
{
"db": "NVD",
"id": "CVE-2017-9766"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wireshark:wireshark",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004922"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "99187"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9766",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9766",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-16243",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9766",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9766",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9766",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-16243",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-950",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7"
},
{
"db": "CNVD",
"id": "CNVD-2017-16243"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-950"
},
{
"db": "NVD",
"id": "CVE-2017-9766"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in the \\342\\200\\230dissect_IODWriteReq\\342\\200\\231 function of the plugins/profinet/packet-dcerpc-pn-io.c file in Wireshark version 2.2.7. Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. \nAttackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. \nWireshark 2.2.7 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004922"
},
{
"db": "CNVD",
"id": "CNVD-2017-16243"
},
{
"db": "BID",
"id": "99187"
},
{
"db": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9766",
"trust": 3.5
},
{
"db": "BID",
"id": "99187",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-16243",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-950",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004922",
"trust": 0.8
},
{
"db": "IVD",
"id": "574B44DD-7862-4FCD-8942-A6046B4023F7",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7"
},
{
"db": "CNVD",
"id": "CNVD-2017-16243"
},
{
"db": "BID",
"id": "99187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-950"
},
{
"db": "NVD",
"id": "CVE-2017-9766"
}
]
},
"id": "VAR-201706-0813",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7"
},
{
"db": "CNVD",
"id": "CNVD-2017-16243"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7"
},
{
"db": "CNVD",
"id": "CNVD-2017-16243"
}
]
},
"last_update_date": "2025-04-20T23:16:06.561000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PROFINET IO: define an arbitrary recursion depth limit",
"trust": 0.8,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000"
},
{
"title": "Bug 13811",
"trust": 0.8,
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811"
},
{
"title": "Wireshark \u0027profinet/packet-dcerpc-pn-io.c\u0027 patch for denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/98687"
},
{
"title": "Wireshark Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71172"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16243"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-950"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-674",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004922"
},
{
"db": "NVD",
"id": "CVE-2017-9766"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/99187"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
},
{
"trust": 1.0,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3ba=commit%3bh=d6e888400ba64de3147d1111a4c23edf389b0000"
},
{
"trust": 0.9,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9766"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9766"
},
{
"trust": 0.3,
"url": "http://www.wireshark.org/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-16243"
},
{
"db": "BID",
"id": "99187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-950"
},
{
"db": "NVD",
"id": "CVE-2017-9766"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7"
},
{
"db": "CNVD",
"id": "CNVD-2017-16243"
},
{
"db": "BID",
"id": "99187"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004922"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-950"
},
{
"db": "NVD",
"id": "CVE-2017-9766"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7"
},
{
"date": "2017-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16243"
},
{
"date": "2017-06-21T00:00:00",
"db": "BID",
"id": "99187"
},
{
"date": "2017-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004922"
},
{
"date": "2017-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-950"
},
{
"date": "2017-06-21T07:29:00.303000",
"db": "NVD",
"id": "CVE-2017-9766"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-16243"
},
{
"date": "2017-06-21T00:00:00",
"db": "BID",
"id": "99187"
},
{
"date": "2017-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004922"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-950"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9766"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-950"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wireshark \u0027profinet/packet-dcerpc-pn-io.c\u0027 Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7"
},
{
"db": "CNVD",
"id": "CNVD-2017-16243"
},
{
"db": "BID",
"id": "99187"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "574b44dd-7862-4fcd-8942-a6046b4023f7"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-950"
}
],
"trust": 0.8
}
}
VAR-201708-1254
Vulnerability from variot - Updated: 2025-04-20 23:12In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. Wireshark Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Wireshark is a suite of network packet analysis software developed by the Wireshark team. The Wireshark Profinet I/O parser has a security vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. An attacker can leverage this issue to crash the affected application, denying service to legitimate users. Wireshark 2.4.0 and 2.2.0 through 2.2.8 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4060-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2017 https://www.debian.org/security/faq
Package : wireshark CVE ID : CVE-2017-11408 CVE-2017-13766 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085
It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.
For the oldstable distribution (jessie), these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u12.
For the stable distribution (stretch), these problems have been fixed in version 2.2.6+g32dac6a-2+deb9u1.
We recommend that you upgrade your wireshark packages.
For the detailed security status of wireshark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wireshark
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlorzcgACgkQEMKTtsN8 Tjbdrg//TwdPY0X/BByo9yCHBaDJiTjq5YtIW5QY3BpPreFH2vlJnF/xCPc2C01y XmIOfRmSn17750SI459dUnovaD8OA51lexYWHbCesTdw/9eXSazssYitckUwOSnz CTx+tp9XqXMrZuDQOdFXqItnZ2nr5K0xTSHVu1lmkJL4C4waItkefEpQHwolKQaH tMdEWd2jM/jjm+dU9Dlo+6pghZdPNXzawzm7273Ca8gwGkGt4SCf/s9ruhJc113c hgQ8NzdASNdvnj28o9dQ0V9ooUxq6SEItSOCMXeq+P+Qfk1RTqT83SOZtEdGmtol yFMenLaVeoNzrrDTSNJuXeGPwJFOFcKY5la5ob3+pae4F+mAmyd7CVMsXVLhiVf8 CS6sGnsyaXugTXQKsfG2l9d5chfMJ/Qj1iAzY0gn2Jt6zOc5sROVvG/ItT6U2vF1 WiUPVULyUdHR1cFdDudA04fQaeY+PzDj0TJ7/iRAT0evK6lp405Yhz0mz6Ro2b3K eQfuF7aLVKYOLEqvjdnEZV1cFAYyySEMPXsxWS9sKyWzImKsOIEBFzTMDglMoZd8 1TMgvr+WCRmpp5XMldIoDNydUkmMdeGQcEtUH4kKWdOs/RRC3218GwtYaJ10WfwX 7rSSoViG1VSG/HPXRY++S8GLSe6aRE0ABfP9stsY2HKheKcXowA= =JKbF -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1254",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireshark",
"scope": "eq",
"trust": 3.0,
"vendor": "wireshark",
"version": "2.4.0"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.7"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.6"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.5"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.4"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.3"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.2"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.9,
"vendor": "wireshark",
"version": "2.2.1"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.6,
"vendor": "wireshark",
"version": "2.0.13"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.6,
"vendor": "wireshark",
"version": "2.2.0"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.8"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.3"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.6"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.11"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.7"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.10"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.0"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.1"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.5"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.12"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.4"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.9"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 1.0,
"vendor": "wireshark",
"version": "2.0.2"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 0.8,
"vendor": "wireshark",
"version": "2.2.0 to 2.2.8"
},
{
"model": "wireshark",
"scope": "gte",
"trust": 0.6,
"vendor": "wireshark",
"version": "2.2.0,\u003c=2.2.8"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 0.3,
"vendor": "wireshark",
"version": "2.4"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 0.3,
"vendor": "wireshark",
"version": "2.2.8"
},
{
"model": "wireshark",
"scope": "eq",
"trust": 0.3,
"vendor": "wireshark",
"version": "2.2"
},
{
"model": "wireshark",
"scope": "ne",
"trust": 0.3,
"vendor": "wireshark",
"version": "2.4.1"
},
{
"model": "wireshark",
"scope": "ne",
"trust": 0.3,
"vendor": "wireshark",
"version": "2.2.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.0.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.2.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wireshark",
"version": "2.4.0"
}
],
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "BID",
"id": "100542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wireshark:wireshark",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ulf33286",
"sources": [
{
"db": "BID",
"id": "100542"
}
],
"trust": 0.3
},
"cve": "CVE-2017-13766",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-13766",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-30755",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-13766",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-13766",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-13766",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-30755",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1295",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-13766",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. Wireshark Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Wireshark is a suite of network packet analysis software developed by the Wireshark team. The Wireshark Profinet I/O parser has a security vulnerability that allows an attacker to exploit a vulnerability to submit a special request for a denial of service attack. Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. \nAn attacker can leverage this issue to crash the affected application, denying service to legitimate users. \nWireshark 2.4.0 and 2.2.0 through 2.2.8 are vulnerable. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4060-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 09, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : wireshark\nCVE ID : CVE-2017-11408 CVE-2017-13766 CVE-2017-17083 CVE-2017-17084 \n CVE-2017-17085\n\nIt was discovered that wireshark, a network protocol analyzer, contained\nseveral vulnerabilities in the dissectors for CIP Safety, IWARP_MPA,\nNetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the\nexecution of arbitrary code. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1.12.1+g01b65bf-4+deb8u12. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 2.2.6+g32dac6a-2+deb9u1. \n\nWe recommend that you upgrade your wireshark packages. \n\nFor the detailed security status of wireshark please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/wireshark\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlorzcgACgkQEMKTtsN8\nTjbdrg//TwdPY0X/BByo9yCHBaDJiTjq5YtIW5QY3BpPreFH2vlJnF/xCPc2C01y\nXmIOfRmSn17750SI459dUnovaD8OA51lexYWHbCesTdw/9eXSazssYitckUwOSnz\nCTx+tp9XqXMrZuDQOdFXqItnZ2nr5K0xTSHVu1lmkJL4C4waItkefEpQHwolKQaH\ntMdEWd2jM/jjm+dU9Dlo+6pghZdPNXzawzm7273Ca8gwGkGt4SCf/s9ruhJc113c\nhgQ8NzdASNdvnj28o9dQ0V9ooUxq6SEItSOCMXeq+P+Qfk1RTqT83SOZtEdGmtol\nyFMenLaVeoNzrrDTSNJuXeGPwJFOFcKY5la5ob3+pae4F+mAmyd7CVMsXVLhiVf8\nCS6sGnsyaXugTXQKsfG2l9d5chfMJ/Qj1iAzY0gn2Jt6zOc5sROVvG/ItT6U2vF1\nWiUPVULyUdHR1cFdDudA04fQaeY+PzDj0TJ7/iRAT0evK6lp405Yhz0mz6Ro2b3K\neQfuF7aLVKYOLEqvjdnEZV1cFAYyySEMPXsxWS9sKyWzImKsOIEBFzTMDglMoZd8\n1TMgvr+WCRmpp5XMldIoDNydUkmMdeGQcEtUH4kKWdOs/RRC3218GwtYaJ10WfwX\n7rSSoViG1VSG/HPXRY++S8GLSe6aRE0ABfP9stsY2HKheKcXowA=\n=JKbF\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "BID",
"id": "100542"
},
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "PACKETSTORM",
"id": "145369"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13766",
"trust": 3.7
},
{
"db": "BID",
"id": "100542",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039254",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2017-30755",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387",
"trust": 0.8
},
{
"db": "IVD",
"id": "0255AA7B-2BD4-4EED-AA31-3973E910869E",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-13766",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145369",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "BID",
"id": "100542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "PACKETSTORM",
"id": "145369"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"id": "VAR-201708-1254",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
}
]
},
"last_update_date": "2025-04-20T23:12:56.286000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PNIO: Fix another potential OOB write.",
"trust": 0.8,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e"
},
{
"title": "Fix potential oob write crashes",
"trust": 0.8,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc"
},
{
"title": "Bug 13847",
"trust": 0.8,
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847"
},
{
"title": "wnpa-sec-2017-39",
"trust": 0.8,
"url": "https://www.wireshark.org/security/wnpa-sec-2017-39.html"
},
{
"title": "Patch for Wireshark Profinet I/O Parser Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/104164"
},
{
"title": "Wireshark Profinet I/O Remediation measures for resolver security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74464"
},
{
"title": "Red Hat: CVE-2017-13766",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-13766"
},
{
"title": "Debian Security Advisories: DSA-4060-1 wireshark -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9fa9c0d441399d6fc65360f421999159"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.wireshark.org/security/wnpa-sec-2017-39.html"
},
{
"trust": 2.0,
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13766"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/100542"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039254"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2017/dsa-4060"
},
{
"trust": 1.0,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3ba=commit%3bh=2096bc1e5078732543e0a3ee115a2ce520a72bbc"
},
{
"trust": 1.0,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3ba=commit%3bh=af7b093ca528516c14247acb545046199d30843e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13766"
},
{
"trust": 0.7,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e"
},
{
"trust": 0.7,
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc"
},
{
"trust": 0.3,
"url": "http://www.wireshark.org/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-13766"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11408"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17083"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wireshark"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17084"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "BID",
"id": "100542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "PACKETSTORM",
"id": "145369"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"db": "BID",
"id": "100542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"db": "PACKETSTORM",
"id": "145369"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-20T00:00:00",
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"date": "2017-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100542"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"date": "2017-12-12T05:29:06",
"db": "PACKETSTORM",
"id": "145369"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"date": "2017-08-30T09:29:00.497000",
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30755"
},
{
"date": "2017-12-11T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13766"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100542"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007387"
},
{
"date": "2017-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1295"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-13766"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wireshark Profinet I/O Parser Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "0255aa7b-2bd4-4eed-aa31-3973e910869e"
},
{
"db": "CNVD",
"id": "CNVD-2017-30755"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1295"
}
],
"trust": 0.6
}
}