5

CVE-2008-4682

wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version0.99.7
WiresharkWireshark Version0.99.8
WiresharkWireshark Version1.0
WiresharkWireshark Version1.0.0
WiresharkWireshark Version1.0.1
WiresharkWireshark Version1.0.2
WiresharkWireshark Version1.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.29% 0.947
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/32355
Vendor Advisory
http://secunia.com/advisories/34144
http://securitytracker.com/id?1021069
http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0336
http://www.mandriva.com/security/advisories?name=MDVSA-2008:215
http://www.redhat.com/support/errata/RHSA-2009-0313.html
http://www.securityfocus.com/archive/1/499154/100/0/threaded
http://www.securityfocus.com/bid/31838
Patch
http://www.vupen.com/english/advisories/2008/2872
http://www.wireshark.org/security/wnpa-sec-2008-06.html
Vendor Advisory
http://securityreason.com/securityalert/4462
http://shinnok.evonet.ro/vulns_html/wireshark.html
http://www.securityfocus.com/bid/31468
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2926
https://exchange.xforce.ibmcloud.com/vulnerabilities/45505
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10955
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14705
https://www.exploit-db.com/exploits/6622