GoogleOSV:DSA-1785-1wireshark - several vulnerabilities
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.944 High
EPSS
Percentile
98.8%
Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to denial of service or the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:
- CVE-2009-1210
A format string vulnerability was discovered in the PROFINET
dissector. - CVE-2009-1268
The dissector for the Check Point High-Availability Protocol
could be forced to crash. - CVE-2009-1269
Malformed Tektronix files could lead to a crash.
The old stable distribution (etch), is only affected by the
CPHAP crash, which doesnât warrant an update on its own. The fix
will be queued up for an upcoming security update or a point release.
For the stable distribution (lenny), these problems have been fixed in
version 1.0.2-3+lenny5.
For the unstable distribution (sid), these problems have been fixed in
version 1.0.7-1.
We recommend that you upgrade your wireshark packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wireshark | eq | 1.0.2-3+lenny3 | |
| wireshark | eq | 1.0.2-3+lenny4 |
References
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.944 High
EPSS
Percentile
98.8%