Todo

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 **Description** A crash in the SMB2 protocol dissector allows for a denial of service. A dissector is a software component that breaks down network packets into a human-readable format. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 **Description** A crash in the GSM RP protocol dissector allows for a denial of service. **Recommendations** Update Wireshark versions 4.6.0 through 4.6.4 to a version newer than 4.6.4. Update Wireshark versions 4.4.0 through 4.4.14 to a version newer than 4.4.14.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 **Description** A path traversal issue exists during profile import, which could lead to a denial of service and potential code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 **Description** A buffer copy without checking the size of input, known as a classic buffer overflow, occurs in the K12 RF5 file parser. This issue can lead to a crash, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 3.6.0 through 3.6.8 **Description** The issue is related to a crash in the USB HID protocol dissector, allowing denial of service via packet injection or crafted capture file on Windows. **Recommendations** For Wireshark versions 3.6.0 through 3.6.8, update to a version that contains a fix for this issue to prevent denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 3.4.0 through 3.4.11 Wireshark versions 3.6.0 through 3.6.1 **Description** The issue is related to a crash in the CMS protocol dissector, allowing for denial of service via packet injection or crafted capture file. This can be exploited by injecting packets or using a specially crafted capture file. **Recommendations** For Wireshark versions 3.4.0 through 3.4.11, update to a version that fixes the issue. For Wireshark versions 3.6.0 through 3.6.1, update to a version that fixes the issue. As a temporary workaround, consider disabling the CMS protocol dissector until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 3.4.0 through 3.4.9 **Description** The issue is related to a NULL pointer exception in the IPPUSB dissector, which can be exploited to cause a denial of service via packet injection or crafted capture files. This can be achieved by a remote attacker, allowing them to disrupt the service. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Wireshark versions 3.4.0 through 3.4.9, consider disabling the IPPUSB dissector as a temporary workaround until a patch is available. Restrict access to crafted capture files and avoid using the affected dissector to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.