5
CVE-2008-3145
- EPSS 2%
- Veröffentlicht 16.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2% | 0.782 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/31687
http://secunia.com/advisories/32091
http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm
http://www.redhat.com/support/errata/RHSA-2008-0890.html
http://www.vupen.com/english/advisories/2008/2773
http://secunia.com/advisories/31085
http://secunia.com/advisories/31378
http://secunia.com/advisories/32944
http://security.gentoo.org/glsa/glsa-200808-04.xml
http://www.debian.org/security/2008/dsa-1673
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html
http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343
http://secunia.com/advisories/31044
http://secunia.com/advisories/31257
http://securitytracker.com/id?1020471
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237
http://www.mandriva.com/security/advisories?name=MDVSA-2008:152
http://www.securityfocus.com/archive/1/494859/100/0/threaded
http://www.securityfocus.com/bid/30181
http://www.vupen.com/english/advisories/2008/2057/references
http://www.wireshark.org/security/wnpa-sec-2008-04.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470
https://bugzilla.redhat.com/show_bug.cgi?id=454984
https://exchange.xforce.ibmcloud.com/vulnerabilities/43719
https://issues.rpath.com/browse/RPL-2684
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9020