10

CVE-2009-1210

Exploit

EPSS 34.47%
Veröffentlicht 01.04.2009 10:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name.  NOTE: some of these details are obtained from third party information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 25

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version <= 1.0.5

Wireshark ≫ Wireshark Version0.6

Wireshark ≫ Wireshark Version0.7.9

Wireshark ≫ Wireshark Version0.8.16

Wireshark ≫ Wireshark Version0.8.19

Wireshark ≫ Wireshark Version0.9.5

Wireshark ≫ Wireshark Version0.9.7

Wireshark ≫ Wireshark Version0.9.8

Wireshark ≫ Wireshark Version0.9.10

Wireshark ≫ Wireshark Version0.9.14

Wireshark ≫ Wireshark Version0.10

Wireshark ≫ Wireshark Version0.10.1

Wireshark ≫ Wireshark Version0.10.2

Wireshark ≫ Wireshark Version0.10.3

Wireshark ≫ Wireshark Version0.10.4

Wireshark ≫ Wireshark Version0.10.5

Wireshark ≫ Wireshark Version0.10.6

Wireshark ≫ Wireshark Version0.10.7

Wireshark ≫ Wireshark Version0.10.8

Wireshark ≫ Wireshark Version0.10.9

Wireshark ≫ Wireshark Version0.10.10

Wireshark ≫ Wireshark Version0.10.11

Wireshark ≫ Wireshark Version0.10.12

Wireshark ≫ Wireshark Version0.10.13

Wireshark ≫ Wireshark Version0.10.14

Wireshark ≫ Wireshark Version0.99

Wireshark ≫ Wireshark Version0.99.0

Wireshark ≫ Wireshark Version0.99.1

Wireshark ≫ Wireshark Version0.99.2

Wireshark ≫ Wireshark Version0.99.3

Wireshark ≫ Wireshark Version0.99.4

Wireshark ≫ Wireshark Version0.99.5

Wireshark ≫ Wireshark Version0.99.6

Wireshark ≫ Wireshark Version0.99.6a

Wireshark ≫ Wireshark Version0.99.7

Wireshark ≫ Wireshark Version0.99.8

Wireshark ≫ Wireshark Version1.0

Wireshark ≫ Wireshark Version1.0.0

Wireshark ≫ Wireshark Version1.0.1

Wireshark ≫ Wireshark Version1.0.2

Wireshark ≫ Wireshark Version1.0.3

Wireshark ≫ Wireshark Version1.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	34.47%	0.967

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

http://secunia.com/advisories/35416

Vendor Advisory

http://secunia.com/advisories/34542

Vendor Advisory

http://secunia.com/advisories/34778

Vendor Advisory

http://secunia.com/advisories/34970

Vendor Advisory

http://secunia.com/advisories/35133

Vendor Advisory

http://secunia.com/advisories/35224

Vendor Advisory

http://secunia.com/advisories/35464

Vendor Advisory

http://wiki.rpath.com/Advisories:rPSA-2009-0062

http://www.debian.org/security/2009/dsa-1785

http://www.mandriva.com/security/advisories?name=MDVSA-2009:088

http://www.redhat.com/support/errata/RHSA-2009-1100.html

http://www.securityfocus.com/archive/1/502745/100/0/threaded

http://www.securityfocus.com/bid/34291

Exploit

http://www.wireshark.org/security/wnpa-sec-2009-02.html

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49512

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5976

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9526

https://www.exploit-db.com/exploits/8308

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html

https://nvd.nist.gov/vuln/detail/CVE-2009-1210

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1210

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1210

EUVD