Wireshark
By the Year
In 2025 there has been 1 vulnerability in Wireshark, with an average score of 7.5 out of ten. Last year, in 2024, Wireshark had 16 security vulnerabilities published. Right now, Wireshark is on track to have fewer security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.75.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 1 | 7.50 |
2024 | 16 | 6.75 |
2023 | 31 | 6.56 |
2022 | 8 | 7.41 |
2021 | 22 | 7.42 |
2020 | 20 | 6.85 |
2019 | 22 | 6.95 |
2018 | 79 | 7.43 |
It may take a day or so for new Wireshark vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Wireshark Security Vulnerabilities
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10
CVE-2025-1492
7.5 - High
- February 20, 2025
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file
Stack Exhaustion
Wireshark FiveCo RAP Dissector Infinite Loop Denial of Service Vulnerability
CVE-2024-11595
5.5 - Medium
- November 21, 2024
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
Infinite Loop
Wireshark ECMP Dissector Denial of Service Vulnerability
CVE-2024-11596
5.5 - Medium
- November 21, 2024
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
Out-of-bounds Read
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7
CVE-2024-9781
7.5 - High
- October 10, 2024
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file
ITS dissector crash in Wireshark 4.4.0
CVE-2024-9780
5.5 - Medium
- October 10, 2024
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
Missing Initialization of Resource
SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15
CVE-2024-8645
5.5 - Medium
- September 10, 2024
SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file
Access of Uninitialized Pointer
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16
CVE-2024-8250
5.5 - Medium
- August 29, 2024
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
Memory Corruption
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22
CVE-2024-4854
7.5 - High
- May 14, 2024
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file
Infinite Loop
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18
CVE-2023-6175
7.8 - High
- March 26, 2024
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
Classic Buffer Overflow
A buffer overflow in Wireshark before 4.2.0
CVE-2024-24476
- February 21, 2024
A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
A Buffer Overflow in Wireshark before 4.2.0
CVE-2024-24479
- February 21, 2024
A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
An issue in Wireshark before 4.2.0
CVE-2024-24478
- February 21, 2024
An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19
CVE-2024-0209
7.5 - High
- January 03, 2024
IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
NULL Pointer Dereference
Zigbee TLV dissector crash in Wireshark 4.2.0
CVE-2024-0210
7.5 - High
- January 03, 2024
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Stack Exhaustion
DOCSIS dissector crash in Wireshark 4.2.0
CVE-2024-0211
7.5 - High
- January 03, 2024
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Infinite Loop
HTTP3 dissector crash in Wireshark 4.2.0
CVE-2024-0207
7.5 - High
- January 03, 2024
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
Out-of-bounds Read
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19
CVE-2024-0208
7.5 - High
- January 03, 2024
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
Stack Exhaustion
SSH dissector crash in Wireshark 4.0.0 to 4.0.10
CVE-2023-6174
6.5 - Medium
- November 16, 2023
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
Injection
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16
CVE-2023-5371
6.5 - Medium
- October 04, 2023
RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file
Allocation of Resources Without Limits or Throttling
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero
CVE-2023-2906
6.5 - Medium
- August 25, 2023
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.
Divide By Zero
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15
CVE-2023-4511
7.5 - High
- August 24, 2023
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Infinite Loop
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6
CVE-2023-4512
7.5 - High
- August 24, 2023
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Stack Exhaustion
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15
CVE-2023-4513
7.5 - High
- August 24, 2023
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Memory Leak
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14
CVE-2023-3648
5.5 - Medium
- July 14, 2023
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6
CVE-2023-3649
5.5 - Medium
- July 14, 2023
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Out-of-bounds Read
Due to failure in validating the length provided by an attacker-crafted RTPS packet
CVE-2023-0666
6.5 - Medium
- June 07, 2023
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Memory Corruption
Due to failure in validating the length provided by an attacker-crafted MSMMS packet
CVE-2023-0667
6.5 - Medium
- June 07, 2023
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark
Memory Corruption
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet
CVE-2023-0668
6.5 - Medium
- June 07, 2023
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Memory Corruption
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13
CVE-2023-2952
6.5 - Medium
- May 30, 2023
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
Infinite Loop
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13
CVE-2023-2856
6.5 - Medium
- May 26, 2023
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
Memory Corruption
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13
CVE-2023-2854
6.5 - Medium
- May 26, 2023
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
Memory Corruption
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13
CVE-2023-2855
6.5 - Medium
- May 26, 2023
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
Memory Corruption
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13
CVE-2023-2857
6.5 - Medium
- May 26, 2023
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
Memory Corruption
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13
CVE-2023-2858
6.5 - Medium
- May 26, 2023
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
Memory Corruption
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13
CVE-2023-2879
7.5 - High
- May 26, 2023
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
Infinite Loop
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12
CVE-2023-1994
6.5 - Medium
- April 12, 2023
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
Resource Exhaustion
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12
CVE-2023-1992
7.5 - High
- April 12, 2023
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
Resource Exhaustion
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12
CVE-2023-1993
6.5 - Medium
- April 12, 2023
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
Excessive Iteration
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11
CVE-2023-1161
7.1 - High
- March 06, 2023
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
CVE-2023-0411
6.5 - Medium
- January 26, 2023
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
Excessive Iteration
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
CVE-2023-0412
7.1 - High
- January 26, 2023
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
Improper Resource Shutdown or Release
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
CVE-2023-0413
6.5 - Medium
- January 26, 2023
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
Improper Resource Shutdown or Release
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2
CVE-2023-0414
6.5 - Medium
- January 26, 2023
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file
Improper Resource Shutdown or Release
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
CVE-2023-0415
6.5 - Medium
- January 26, 2023
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
Improper Resource Shutdown or Release
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
CVE-2023-0416
6.5 - Medium
- January 26, 2023
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
Improper Resource Shutdown or Release
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
CVE-2023-0417
6.5 - Medium
- January 26, 2023
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
Improper Resource Shutdown or Release
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9
CVE-2022-4345
6.5 - Medium
- January 12, 2023
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
Infinite Loop
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9
CVE-2022-4344
4.3 - Medium
- January 12, 2023
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
Resource Exhaustion
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8
CVE-2022-3724
7.5 - High
- December 09, 2022
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows
Use of Externally-Controlled Format String
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8
CVE-2022-3725
7.5 - High
- October 27, 2022
Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file
Memory Corruption