Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) in Wireshark

June 4, 2025 invoker category_cve

CVE Details

Basic Information

Title Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) in Wireshark
Type cve
Published 2025-06-04T10:30:46.001Z
Last Seen

Product Information

Vendor Wireshark Foundation
Product Wireshark
Version 4.4.0

CVSS Information

Base Score 7.8 (HIGH)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description This vulnerability causes Wireshark to crash due to improper column handling, leading to denial of service when processing malicious packet injections or crafted capture files.
AI Severity High
Vendor Wireshark Foundation
Product Wireshark
Affected Version 4.4.0-4.4.6, 4.2.0-4.2.12

Additional Information

CVE List
CWE List CWE-120
Bulletin Family
Source Data Wireshark Foundation Wireshark 4.4.0
Wireshark Foundation Wireshark 4.2.0

Source Information

Source Data Wireshark Foundation Wireshark 4.4.0
Wireshark Foundation Wireshark 4.2.0
Source Link

Description

Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file

CVSS Score Summary

Base Score: 7.8 (HIGH)

View Full CVE Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.