5

CVE-2008-3145

The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version0.8.19
WiresharkWireshark Version0.99.0
WiresharkWireshark Version0.99.1
WiresharkWireshark Version0.99.2
WiresharkWireshark Version0.99.3
WiresharkWireshark Version0.99.4
WiresharkWireshark Version0.99.5
WiresharkWireshark Version0.99.6
WiresharkWireshark Version0.99.6a
WiresharkWireshark Version0.99.7
WiresharkWireshark Version0.99.8
WiresharkWireshark Version1.0
WiresharkWireshark Version1.0.0
WiresharkWireshark Version1.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2% 0.782
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/31687
http://secunia.com/advisories/32091
http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm
http://www.redhat.com/support/errata/RHSA-2008-0890.html
http://www.vupen.com/english/advisories/2008/2773
http://secunia.com/advisories/31085
Vendor Advisory
http://secunia.com/advisories/31378
http://secunia.com/advisories/32944
http://security.gentoo.org/glsa/glsa-200808-04.xml
http://www.debian.org/security/2008/dsa-1673
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html
http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343
http://secunia.com/advisories/31044
Patch
Vendor Advisory
http://secunia.com/advisories/31257
http://securitytracker.com/id?1020471
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237
http://www.mandriva.com/security/advisories?name=MDVSA-2008:152
http://www.securityfocus.com/archive/1/494859/100/0/threaded
http://www.securityfocus.com/bid/30181
http://www.vupen.com/english/advisories/2008/2057/references
http://www.wireshark.org/security/wnpa-sec-2008-04.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470
https://bugzilla.redhat.com/show_bug.cgi?id=454984
https://exchange.xforce.ibmcloud.com/vulnerabilities/43719
https://issues.rpath.com/browse/RPL-2684
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9020