cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1492,https://securityvulnerability.io/vulnerability/CVE-2025-1492,Denial of Service Vulnerability in Wireshark by The Wireshark Foundation,"A vulnerability exists in Wireshark, specifically within the Bundle Protocol and CBOR dissectors. This flaw can lead to a Denial of Service condition due to crashes when processing specially crafted packet data or capture files. Users running Wireshark versions 4.4.0 through 4.4.3 and 4.2.0 through 4.2.10 are particularly at risk. Attackers can exploit this vulnerability through malicious packet injection, which may disrupt service and hinder network analysis capabilities.",Wireshark,Wireshark,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T01:30:46.055Z,0
CVE-2024-11596,https://securityvulnerability.io/vulnerability/CVE-2024-11596,Wireshark ECMP Dissector Denial of Service Vulnerability,"A vulnerability exists in Wireshark versions 4.4.0 through 4.4.1 and 4.2.0 through 4.2.8 that can lead to a denial of service. This flaw allows an attacker to inject malicious packets or craft a specific capture file that, when processed by the ECMP dissector in Wireshark, can cause the application to crash. This vulnerability poses a significant risk to users who rely on Wireshark for network analysis, as it can disrupt their ability to analyze network traffic. Immediate action is recommended to ensure systems remain secure and functional.",Wireshark,Wireshark,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-21T09:30:59.843Z,0
CVE-2024-11595,https://securityvulnerability.io/vulnerability/CVE-2024-11595,FiveCo RAP Dissector Denial of Service Vulnerability,"The Wireshark application experiences a vulnerability within the FiveCo RAP dissector, spanning versions 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8. This vulnerability allows an attacker to exploit an infinite loop condition, resulting in a denial of service. This can be achieved through packet injection or by utilizing a specially crafted capture file. Users are advised to apply the necessary updates or patches to mitigate the risk associated with this vulnerability. Compliance with security recommendations is crucial to maintaining robust network defenses.",Wireshark,Wireshark,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-21T09:30:54.899Z,0
CVE-2024-9781,https://securityvulnerability.io/vulnerability/CVE-2024-9781,AppleTalk Dissector Crash Allows Denial of Service via Packet Injection,A vulnerability present in Wireshark allows for denial of service through the AppleTalk and RELOAD Framing dissectors. This issue arises in versions 4.4.0 and 4.2.0 to 4.2.7 when malicious actors inject packets or utilize specially crafted capture files. Users of the affected versions are encouraged to upgrade their software to maintain optimal security and functionality. This vulnerability emphasizes the importance of securing network analysis tools against potential exploitation vectors.,Wireshark,Wireshark,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-10T06:30:54.729Z,0
CVE-2024-9780,https://securityvulnerability.io/vulnerability/CVE-2024-9780,Wireshark ITS Dissector Crashes Due to Denial of Service Vulnerability,ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file,Wireshark,Wireshark,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-10T06:30:49.710Z,0
CVE-2024-8645,https://securityvulnerability.io/vulnerability/CVE-2024-8645,Denial of Service Vulnerability in SPRT Dissector of Wireshark,"A vulnerability in Wireshark versions from 4.0.0 to 4.2.0 exposes the software to a denial of service risk. This issue arises from a flaw in the SPRT dissector, allowing an attacker to exploit the vulnerability through the injection of specially crafted packets or by utilizing a malicious capture file. If an affected version of Wireshark processes these inputs, it may crash, leading to disruption in service and hindering the ability to analyze network traffic effectively. Users of the affected versions should consider upgrading to a secure release to mitigate these risks. More information is available through relevant security advisories.",Wireshark,Wireshark,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-10T10:02:16.798Z,0
CVE-2024-8250,https://securityvulnerability.io/vulnerability/CVE-2024-8250,NTLMSSP Dissector Denial of Service Vulnerability,NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file,Wireshark,Wireshark,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-08-29T00:15:00.000Z,0
CVE-2024-4855,https://securityvulnerability.io/vulnerability/CVE-2024-4855,Use After Free in editcap,Use after free issue in editcap could cause denial of service via crafted capture file,Wireshark,Editcap,3.6,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-14T15:45:00.000Z,0
CVE-2024-4854,https://securityvulnerability.io/vulnerability/CVE-2024-4854,Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark,"MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file",Wireshark,Wireshark,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-14T15:45:00.000Z,0
CVE-2024-4853,https://securityvulnerability.io/vulnerability/CVE-2024-4853,Mismatched Memory Management Routines in editcap,Memory handling issue in editcap could cause denial of service via crafted capture file,Wireshark,Editcap,3.6,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-14T15:45:00.000Z,0
CVE-2024-2955,https://securityvulnerability.io/vulnerability/CVE-2024-2955,T.38 Dissector Denial of Service Vulnerability in Wireshark,"A vulnerability in the T.38 dissector of Wireshark allows for a denial of service attack when an attacker injects specially crafted packets or uses a malicious capture file. Affected versions from 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 of Wireshark are susceptible to this issue, which can cause crashes and impede the application’s functionality. This presents a significant risk for users reliant on Wireshark for network analysis and monitoring.",Wireshark,Wireshark,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-26T20:02:08.419Z,0
CVE-2023-6175,https://securityvulnerability.io/vulnerability/CVE-2023-6175,NetScreen File Parser Denial of Service Vulnerability,"A vulnerability in Wireshark's handling of NetScreen file parsing can lead to a denial of service condition. This flaw is present in Wireshark versions 4.0.0 through 4.0.10 and 3.6.0 to 3.6.18. Attackers can exploit this vulnerability by crafting malicious capture files that trigger a crash when processed by Wireshark, potentially disrupting network analysis activities and impacting system availability.",Wireshark,Wireshark,7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-26T07:30:49.763Z,0
CVE-2024-24476,https://securityvulnerability.io/vulnerability/CVE-2024-24476,Buffer Overflow Vulnerability in Wireshark Software,"A vulnerability exists in Wireshark that could allow a remote attacker to exploit a buffer overflow, potentially leading to a denial of service. This issue arises due to improper handling of certain components in the source code prior to version 4.2.0, specifically within the functions found in pan/addr_resolv.c and ws_manuf_lookup_str(). It is important to note that the vendor disputes the impact of this vulnerability on any released version, emphasizing that neither version 4.2.0 nor previous iterations have been confirmed as affected. Users are advised to remain vigilant and ensure that they are using the latest stable release to fortify their systems against prospective threats.",Wireshark,Wireshark,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-02-21T00:00:00.000Z,0
CVE-2024-24478,https://securityvulnerability.io/vulnerability/CVE-2024-24478,Denial of Service Vulnerability in Wireshark by The Wireshark Foundation,"A vulnerability exists in Wireshark versions prior to 4.2.0 that could allow a remote attacker to trigger a denial of service condition. This issue arises from the way certain components, specifically within the dissect_bgp_open function, handle packet parsing. The vendor has disputed the existence of this vulnerability in version 4.2.0 and later versions, asserting that these releases are not affected. It's crucial for users to ensure they are running an updated version of Wireshark to minimize any potential risks.",The Wireshark Foundation,Wireshark,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-02-21T00:00:00.000Z,0
CVE-2024-24479,https://securityvulnerability.io/vulnerability/CVE-2024-24479,Buffer Overflow Vulnerability in Wireshark by The Wireshark Foundation,"A buffer overflow issue has been identified in versions of Wireshark prior to 4.2.0, which allows remote attackers to potentially exploit this vulnerability, resulting in a denial of service. Although the vendor has disputed claims of affected releases, it's essential for users to ensure they are running the latest version of Wireshark to mitigate potential risks. Attack vectors are associated with the handling of components such as wsutil/to_str.c and format_fractional_part_nsecs, which could be manipulated to exploit this weakness.",The Wireshark Foundation,Wireshark,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-02-21T00:00:00.000Z,0
CVE-2024-0209,https://securityvulnerability.io/vulnerability/CVE-2024-0209,NULL Pointer Dereference in Wireshark,"A vulnerability exists within specific versions of Wireshark, linked to an IEEE 1609.2 dissector that can be exploited to cause a denial of service. Attackers can leverage packet injection or utilize specially crafted capture files to trigger a crash in the application. This could disrupt the operational capabilities of Wireshark, leading to significant risks for users relying on this essential network protocol analyzer.",Wireshark,Wireshark,7.8,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-01-03T08:15:00.000Z,0
CVE-2024-0207,https://securityvulnerability.io/vulnerability/CVE-2024-0207,Out-of-bounds Read in Wireshark,"A vulnerability in Wireshark, specifically in version 4.2.0, allows for a denial of service due to an HTTP3 dissector crash. This vulnerability can be exploited through packet injection or by utilizing a specially crafted capture file, potentially disrupting service availability. Users are encouraged to assess their environments for exposure to this vulnerability.",Wireshark,Wireshark,7.8,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2024-01-03T08:15:00.000Z,0
CVE-2024-0211,https://securityvulnerability.io/vulnerability/CVE-2024-0211,Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark,"A denial of service vulnerability has been identified in Wireshark 4.2.0, specifically affecting the DOCSIS dissector. The flaw allows attackers to trigger a crash by injecting malicious packets or using crafted capture files. Exploitation of this vulnerability can lead to service disruption, impacting the functionality of Wireshark for legitimate users. Users are advised to update to the latest version to mitigate the risk associated with this vulnerability.",Wireshark,Wireshark,7.5,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-01-03T08:15:00.000Z,0
CVE-2024-0208,https://securityvulnerability.io/vulnerability/CVE-2024-0208,Improper Handling of Missing Values in Wireshark,"A vulnerability has been identified in multiple versions of Wireshark, specifically versions 4.2.0, as well as earlier versions starting from 3.6.0 up to 3.6.19, and from 4.0.0 up to 4.0.11. This issue is due to a crash in the GVCP dissector, which can be triggered through packet injection or the use of crafted capture files. Such manipulations may lead to a denial of service, which disrupts the operation of the application and can impact users' ability to analyze network traffic effectively. Immediate attention to updating to secure versions is recommended.",Wireshark,Wireshark,7.5,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-01-03T08:15:00.000Z,0
CVE-2024-0210,https://securityvulnerability.io/vulnerability/CVE-2024-0210,Uncontrolled Recursion in Wireshark,"A vulnerability exists in the Wireshark application within the Zigbee TLV dissector, specifically in version 4.2.0. Attackers can exploit this vulnerability to cause a denial of service condition by injecting malicious packets or using specially crafted capture files. This may result in unexpected application crashes, impacting the availability of the service for legitimate users. Proper input validation measures should be implemented to prevent such scenarios.",Wireshark,Wireshark,7.8,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-01-03T08:15:00.000Z,0
CVE-2023-6174,https://securityvulnerability.io/vulnerability/CVE-2023-6174,Out-of-bounds Read in Wireshark,SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file,Wireshark,Wireshark,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-11-16T12:15:00.000Z,0
CVE-2023-5371,https://securityvulnerability.io/vulnerability/CVE-2023-5371,Memory Allocation with Excessive Size Value in Wireshark,RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file,Wireshark,Wireshark,6.5,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2023-10-04T17:15:00.000Z,0
CVE-2023-2906,https://securityvulnerability.io/vulnerability/CVE-2023-2906,Wireshark CP2179 divide by zero,"Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 are susceptible to a divide by zero allowing for a denial of service attack.",Wireshark,Wireshark,6.5,MEDIUM,0.001069999998435378,false,,false,false,true,2023-08-25T21:15:00.000Z,true,false,false,,2023-08-25T21:15:00.000Z,0
CVE-2023-4513,https://securityvulnerability.io/vulnerability/CVE-2023-4513,Missing Release of Memory after Effective Lifetime in Wireshark,"The Wireshark application, specifically versions 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15, is susceptible to a memory leak caused by the BT SDP dissector. This vulnerability allows attackers to exploit the application by injecting crafted packets or utilizing specially modified capture files, potentially leading to a denial of service scenario. Users and network administrators are advised to update to the latest versions to mitigate potential risks associated with this vulnerability.",Wireshark,Wireshark,7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-08-24T07:15:00.000Z,0
CVE-2023-4512,https://securityvulnerability.io/vulnerability/CVE-2023-4512,Uncontrolled Recursion in Wireshark,"The CBOR dissector in Wireshark versions 4.0.0 through 4.0.6 is subject to a vulnerability that can lead to a denial of service. This is achieved through packet injection or the use of a specially crafted capture file, which causes the application to crash. Users of these versions should promptly update to mitigate the risks associated with this vulnerability.",Wireshark,Wireshark,7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-08-24T07:15:00.000Z,0