[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3445Date: (C)2010-11-26   (M)2023-12-28


Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
SECUNIA-42392
SECUNIA-42411
SECUNIA-42877
SECUNIA-43068
BID-43197
SECUNIA-43759
SECUNIA-43821
ADV-2010-3067
ADV-2010-3093
ADV-2011-0076
ADV-2011-0212
ADV-2011-0404
ADV-2011-0626
ADV-2011-0719
DSA-2127
FEDORA-2011-2620
FEDORA-2011-2632
FEDORA-2011-2648
MDVSA-2010:200
RHSA-2010:0924
RHSA-2011:0370
SUSE-SR:2011:001
SUSE-SR:2011:002
VU#215900
http://www.openwall.com/lists/oss-security/2010/10/01/10
http://www.openwall.com/lists/oss-security/2010/10/12/1
http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in
http://www.wireshark.org/security/wnpa-sec-2010-12.html
http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445
oval:org.mitre.oval:def:14607

CPE    13
cpe:/a:wireshark:wireshark:1.2.10
cpe:/a:wireshark:wireshark:1.2.11
cpe:/a:wireshark:wireshark:1.2.0
cpe:/a:wireshark:wireshark:1.2.2
...
CWE    1
CWE-399
OVAL    13
oval:org.secpod.oval:def:600050
oval:org.secpod.oval:def:40822
oval:org.secpod.oval:def:500336
oval:org.secpod.oval:def:1503276
...

© SecPod Technologies