10

CVE-2008-3146

Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version0.9.7
WiresharkWireshark Version0.9.8
WiresharkWireshark Version0.99
WiresharkWireshark Version0.99.0
WiresharkWireshark Version0.99.1
WiresharkWireshark Version0.99.2
WiresharkWireshark Version0.99.3
WiresharkWireshark Version0.99.4
WiresharkWireshark Version0.99.5
WiresharkWireshark Version0.99.6
WiresharkWireshark Version0.99.6a
WiresharkWireshark Version0.99.7
WiresharkWireshark Version0.99.8
WiresharkWireshark Version1.0
WiresharkWireshark Version1.0.0
WiresharkWireshark Version1.0.1
WiresharkWireshark Version1.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.78% 0.82
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.