CVE-2010-3445
This CVE name corresponds to:
The following information is adapted from the
Common Vulnerabilities and
Exposures (CVE) project. CVE and the CVE logo are trademarks
of The MITRE Corporation. CVE content is Copyright 2005, The
MITRE Corporation.
Details
Description
Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.
References
Source |
Reference |
BUGTRAQ |
20100913 Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service |
MLIST |
[oss-security] 20101001 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark |
MLIST |
[oss-security] 20101011 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark |
MISC |
http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/ |
CONFIRM |
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230 |
CONFIRM |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445 |
CONFIRM |
http://www.wireshark.org/security/wnpa-sec-2010-12.html |
CONFIRM |
http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in |
DEBIAN |
DSA-2127 |
FEDORA |
FEDORA-2011-2620 |
FEDORA |
FEDORA-2011-2632 |
FEDORA |
FEDORA-2011-2648 |
MANDRIVA |
MDVSA-2010:200 |
REDHAT |
RHSA-2010:0924 |
REDHAT |
RHSA-2011:0370 |
SUSE |
SUSE-SR:2011:001 |
SUSE |
SUSE-SR:2011:002 |
CERT-VN |
VU#215900 |
BID |
43197 |
OVAL |
oval:org.mitre.oval:def:14607 |
SECUNIA |
42392 |
SECUNIA |
42411 |
SECUNIA |
42877 |
SECUNIA |
43068 |
SECUNIA |
43821 |
SECUNIA |
43759 |
VUPEN |
ADV-2010-3067 |
VUPEN |
ADV-2010-3093 |
VUPEN |
ADV-2011-0076 |
VUPEN |
ADV-2011-0212 |
VUPEN |
ADV-2011-0404 |
VUPEN |
ADV-2011-0719 |
VUPEN |
ADV-2011-0626 |
Copyright © 2005 The MITRE Corporation.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.