Lucene search

K

[email protected]CVE-2010-3445

HistoryNov 26, 2010 - 7:00 p.m.

CVE-2010-3445

2010-11-2619:00:00

CWE-399

[email protected]

web.nvd.nist.gov

38

cve-2010-3445

stack consumption

vulnerability

dissect_ber_unknown

epan

packet-ber.c

wireshark

nvd

security

asn.1

ber

snmp

remote attackers

denial of service

null pointer dereference

crash

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

78.7%

Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

CPENameOperatorVersion
wireshark:wiresharkwiresharkeq1.2.7
wireshark:wiresharkwiresharkeq1.4.0
wireshark:wiresharkwiresharkeq1.2.11
wireshark:wiresharkwiresharkeq1.2.10
wireshark:wiresharkwiresharkeq1.2.6
wireshark:wiresharkwiresharkeq1.2.8
wireshark:wiresharkwiresharkeq1.2.0
wireshark:wiresharkwiresharkeq1.2.3
wireshark:wiresharkwiresharkeq1.2.5
wireshark:wiresharkwiresharkeq1.2.1

Rows per page:

1-10 of 131

References

archives.neohapsis.com/archives/bugtraq/2010-09/0088.html

blogs.sun.com/security/entry/resource_management_errors_vulnerability_in

lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/42392

secunia.com/advisories/42411

secunia.com/advisories/42877

secunia.com/advisories/43068

secunia.com/advisories/43759

secunia.com/advisories/43821

www.debian.org/security/2010/dsa-2127

www.kb.cert.org/vuls/id/215900

www.mandriva.com/security/advisories?name=MDVSA-2010:200

www.openwall.com/lists/oss-security/2010/10/01/10

www.openwall.com/lists/oss-security/2010/10/12/1

www.redhat.com/support/errata/RHSA-2010-0924.html

www.redhat.com/support/errata/RHSA-2011-0370.html

www.securityfocus.com/bid/43197

www.vupen.com/english/advisories/2010/3067

www.vupen.com/english/advisories/2010/3093

www.vupen.com/english/advisories/2011/0076

www.vupen.com/english/advisories/2011/0212

www.vupen.com/english/advisories/2011/0404

www.vupen.com/english/advisories/2011/0626

www.vupen.com/english/advisories/2011/0719

www.wireshark.org/security/wnpa-sec-2010-12.html

xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/

bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230

bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

78.7%

Related for CVE-2010-3445

openvas24 nessus20 debian2 veracode1 debiancve1 ubuntucve1 altlinux1 prion1 securityvulns2 freebsd1 osv1 redhat2 oraclelinux2 centos1 fedora3 gentoo1