CVE-2006-4574

EPSS 6.82%
Veröffentlicht 28.10.2006 00:07:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 25

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version >= 0.10.1 <= 0.99.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.82%	0.909

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P

Broken Link

http://secunia.com/advisories/22929

Broken Link

http://secunia.com/advisories/22590

Vendor Advisory

Broken Link

http://secunia.com/advisories/22659

Broken Link

http://secunia.com/advisories/22672

Broken Link

http://secunia.com/advisories/22692