10

CVE-2006-3628

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ethereal GroupEthereal Version0.10
Ethereal GroupEthereal Version0.10.0
Ethereal GroupEthereal Version0.10.0a
Ethereal GroupEthereal Version0.10.1
Ethereal GroupEthereal Version0.10.2
Ethereal GroupEthereal Version0.10.3
Ethereal GroupEthereal Version0.10.4
Ethereal GroupEthereal Version0.10.5
Ethereal GroupEthereal Version0.10.6
Ethereal GroupEthereal Version0.10.7
Ethereal GroupEthereal Version0.10.8
Ethereal GroupEthereal Version0.10.9
Ethereal GroupEthereal Version0.10.10
Ethereal GroupEthereal Version0.10.11
Ethereal GroupEthereal Version0.10.12
Ethereal GroupEthereal Version0.10.13
Ethereal GroupEthereal Version0.10.14
Ethereal GroupEthereal Version0.99.0
WiresharkWireshark Version0.10
WiresharkWireshark Version0.10.4
WiresharkWireshark Version0.10.13
WiresharkWireshark Version0.99
WiresharkWireshark Version0.99.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.93% 0.923
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
http://rhn.redhat.com/errata/RHSA-2006-0602.html
http://secunia.com/advisories/21078
Patch
Vendor Advisory
http://secunia.com/advisories/21107
Patch
Vendor Advisory
http://secunia.com/advisories/21121
Vendor Advisory
http://secunia.com/advisories/21204
Vendor Advisory
http://secunia.com/advisories/21467
Vendor Advisory
http://secunia.com/advisories/21488
Vendor Advisory
http://secunia.com/advisories/21598
Vendor Advisory
http://secunia.com/advisories/22089
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200607-09.xml
http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:128
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.securityfocus.com/archive/1/440576/100/0/threaded
http://www.securityfocus.com/bid/19051
Patch
http://www.vupen.com/english/advisories/2006/2850
Vendor Advisory
http://www.wireshark.org/security/wnpa-sec-2006-01.html
Patch
https://issues.rpath.com/browse/RPL-512
http://secunia.com/advisories/21249
Vendor Advisory
http://securitytracker.com/id?1016532
http://www.debian.org/security/2006/dsa-1127
http://www.osvdb.org/27362
http://www.osvdb.org/27363
http://www.osvdb.org/27364
http://www.osvdb.org/27369
https://exchange.xforce.ibmcloud.com/vulnerabilities/27822
https://exchange.xforce.ibmcloud.com/vulnerabilities/27823
https://exchange.xforce.ibmcloud.com/vulnerabilities/27824
https://exchange.xforce.ibmcloud.com/vulnerabilities/27825
https://exchange.xforce.ibmcloud.com/vulnerabilities/27828
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9175