Wireshark Wireshark

By the Year

In 2025 there has been 1 vulnerability in Wireshark, with an average score of 7.5 out of ten. Last year, in 2024, Wireshark had 16 security vulnerabilities published. Right now, Wireshark is on track to have fewer security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.75.




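| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2025 | 1 | 7.50 |
| 2024 | 16 | 6.75 |
| 2023 | 31 | 6.56 |
| 2022 | 8 | 7.41 |
| 2021 | 22 | 7.42 |
| 2020 | 20 | 6.85 |
| 2019 | 22 | 6.95 |
| 2018 | 79 | 7.43 |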

It may take a day or so for new Wireshark vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Wireshark Security Vulnerabilities

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10

CVE-2025-1492 7.5 - High - February 20, 2025

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allow denial of service via packet injection or crafted capture file

Stack Exhaustion

Wireshark FiveCo RAP Dissector Infinite Loop Denial of Service Vulnerability

CVE-2024-11595 5.5 - Medium - November 21, 2024

FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file

Infinite Loop

Wireshark ECMP Dissector Denial of Service Vulnerability

CVE-2024-11596 5.5 - Medium - November 21, 2024

ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file

Out-of-bounds Read

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7

CVE-2024-9781 7.5 - High - October 10, 2024

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

ITS dissector crash in Wireshark 4.4.0

CVE-2024-9780 5.5 - Medium - October 10, 2024

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file

Missing Initialization of Resource

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15

CVE-2024-8645 5.5 - Medium - September 10, 2024

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file

Access of Uninitialized Pointer

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16

CVE-2024-8250 5.5 - Medium - August 29, 2024

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file

Memory Corruption

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22

CVE-2024-4854 7.5 - High - May 14, 2024

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

Infinite Loop

NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18

CVE-2023-6175 7.8 - High - March 26, 2024

NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file

Classic Buffer Overflow

A buffer overflow in Wireshark before 4.2.0

CVE-2024-24476 - February 21, 2024

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

A Buffer Overflow in Wireshark before 4.2.0

CVE-2024-24479 - February 21, 2024

A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

An issue in Wireshark before 4.2.0

CVE-2024-24478 - February 21, 2024

An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19

CVE-2024-0209 7.5 - High - January 03, 2024

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

NULL Pointer Dereference

Zigbee TLV dissector crash in Wireshark 4.2.0

CVE-2024-0210 7.5 - High - January 03, 2024

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

Stack Exhaustion

DOCSIS dissector crash in Wireshark 4.2.0

CVE-2024-0211 7.5 - High - January 03, 2024

DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

Infinite Loop

HTTP3 dissector crash in Wireshark 4.2.0

CVE-2024-0207 7.5 - High - January 03, 2024

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

Out-of-bounds Read

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19

CVE-2024-0208 7.5 - High - January 03, 2024

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

Stack Exhaustion

SSH dissector crash in Wireshark 4.0.0 to 4.0.10

CVE-2023-6174 6.5 - Medium - November 16, 2023

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file

Injection

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16

CVE-2023-5371 6.5 - Medium - October 04, 2023

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file

Allocation of Resources Without Limits or Throttling

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 are susceptible to a divide by zero

CVE-2023-2906 6.5 - Medium - August 25, 2023

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 are susceptible to a divide by zero, allowing for a denial of service attack.

Divide By Zero

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15

CVE-2023-4511 7.5 - High - August 24, 2023

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

Infinite Loop

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6

CVE-2023-4512 7.5 - High - August 24, 2023

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

Stack Exhaustion

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15

CVE-2023-4513 7.5 - High - August 24, 2023

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

Memory Leak

Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14

CVE-2023-3648 5.5 - Medium - July 14, 2023

Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6

CVE-2023-3649 5.5 - Medium - July 14, 2023

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

Out-of-bounds Read

Due to failure in validating the length provided by an attacker-crafted RTPS packet

CVE-2023-0666 6.5 - Medium - June 07, 2023

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

Memory Corruption

Due to failure in validating the length provided by an attacker-crafted MSMMS packet

CVE-2023-0667 6.5 - Medium - June 07, 2023

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

Memory Corruption

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet

CVE-2023-0668 6.5 - Medium - June 07, 2023

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

Memory Corruption

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13

CVE-2023-2952 6.5 - Medium - May 30, 2023

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

Infinite Loop

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13

CVE-2023-2856 6.5 - Medium - May 26, 2023

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

Memory Corruption

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13

CVE-2023-2854 6.5 - Medium - May 26, 2023

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

Memory Corruption

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13

CVE-2023-2855 6.5 - Medium - May 26, 2023

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

Memory Corruption

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13

CVE-2023-2857 6.5 - Medium - May 26, 2023

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

Memory Corruption

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13

CVE-2023-2858 6.5 - Medium - May 26, 2023

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

Memory Corruption

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13

CVE-2023-2879 7.5 - High - May 26, 2023

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

Infinite Loop

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12

CVE-2023-1994 6.5 - Medium - April 12, 2023

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

Resource Exhaustion

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12

CVE-2023-1992 7.5 - High - April 12, 2023

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

Resource Exhaustion

LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12

CVE-2023-1993 6.5 - Medium - April 12, 2023

LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

Excessive Iteration

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11

CVE-2023-1161 7.1 - High - March 06, 2023

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10

CVE-2023-0411 6.5 - Medium - January 26, 2023

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or crafted capture file

Excessive Iteration

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10

CVE-2023-0412 7.1 - High - January 26, 2023

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file

Improper Resource Shutdown or Release

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10

CVE-2023-0413 6.5 - Medium - January 26, 2023

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file

Improper Resource Shutdown or Release

Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2

CVE-2023-0414 6.5 - Medium - January 26, 2023

Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file

Improper Resource Shutdown or Release

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10

CVE-2023-0415 6.5 - Medium - January 26, 2023

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file

Improper Resource Shutdown or Release

GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10

CVE-2023-0416 6.5 - Medium - January 26, 2023

GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file

Improper Resource Shutdown or Release

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10

CVE-2023-0417 6.5 - Medium - January 26, 2023

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file

Improper Resource Shutdown or Release

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9

CVE-2022-4345 6.5 - Medium - January 12, 2023

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allow denial of service via packet injection or crafted capture file

Infinite Loop

Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9

CVE-2022-4344 4.3 - Medium - January 12, 2023

Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file

Resource Exhaustion

Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8

CVE-2022-3724 7.5 - High - December 09, 2022

Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows

Use of Externally-Controlled Format String

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8

CVE-2022-3725 7.5 - High - October 27, 2022

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file

Memory Corruption
