The version of Wireshark installed on the remote Windows host is prior to 2.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.6.2 advisory.

  - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This     was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding     to header decompression. (CVE-2018-14369)

  - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go     into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that     are too long. (CVE-2018-14368)

  - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into     a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
    (CVE-2018-14342)

  - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was     addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-     read. (CVE-2018-14344)

  - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib     decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid     a buffer over-read. (CVE-2018-14340)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Wireshark 2.6.x < 2.6.2 Multiple Vulnerabilities

high Nessus Plugin ID 111387

Version 1.7

Version 1.6

Version 1.5

Version 1.7 May 1, 2026, 6:47 PM CVE (set "CVE" coverage to "CVE-2018-14339,CVE-2018-14340,CVE-2018-14341,CVE-2018-14342,CVE-2018-14343,CVE-2018-14344,CVE-2018-14367,CVE-2018-14368,CVE-2018-14369") CVSSv3 score source (changed from "CVE-2018-14370" to "CVE-2018-14369") Detection (updated detection logic) Plugin metadata Plugin Feed: 202605011847
Version 1.6 Mar 30, 2026, 9:17 PM Logic Changes (modernized plugin) Plugin Feed: 202603302117
Version 1.5 Sep 2, 2024, 7:18 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2018-14339" to "CVE-2018-14368") CVSSv3 score source (set to "CVE-2018-14370") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202409020718