Vulnerability CVE-2010-1455


Published: 2010-05-12   Modified: 2012-02-13

Description:
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.

Type: CWE-20 (Improper Input Validation)

Vendor: Wireshark
Product: Wireshark
Versions:
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.0.9
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.12
1.0.11
1.0.10
1.0.1
1.0.0
0.99.8
0.99.7
0.99.6
0.99.5
0.99.4
0.99.3
0.99.2
0.99.1
0.99.0
0.9.6
Vendor: Ethereal group
Product: Ethereal
Versions:
0.99.0
0.9.8
0.9.7
0.9.6

CVSS2 vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Overall CVSS score: 4.3/10
Impact: 2.9/10
Exploitability: 8.6/10
Access required: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

References:
http://www.vupen.com/english/advisories/2010/1081
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644
http://xforce.iss.net/xforce/xfdb/58362
http://www.wireshark.org/security/wnpa-sec-2010-04.html
http://www.wireshark.org/security/wnpa-sec-2010-03.html
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0076
http://www.securityfocus.com/bid/39950
http://www.osvdb.org/64363
http://www.openwall.com/lists/oss-security/2010/05/07/7
http://www.mandriva.com/security/advisories?name=MDVSA-2010:099
http://secunia.com/advisories/43068
http://secunia.com/advisories/42877
http://secunia.com/advisories/39661
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7331
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html

Similar CVEs
CVE-2007-6118
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
CVE-2007-6120
The Bluetooth SDP dissector in Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
CVE-2007-6121
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
CVE-2007-6111
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.
CVE-2006-3632
Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.
CVE-2006-3628
Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissec...
CVE-2006-3629
Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2006-1935
Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector.

Copyright 2019, cxsecurity.com

 
