ID CVE-2010-2995
Summary The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.
References
Vulnerable Configurations
  • Wireshark 1.2.9
    cpe:2.3:a:wireshark:wireshark:1.2.9
  • cpe:2.3:a:wireshark:wireshark:1.2
    cpe:2.3:a:wireshark:wireshark:1.2
  • Wireshark 1.2.3
    cpe:2.3:a:wireshark:wireshark:1.2.3
  • Wireshark 1.2.5
    cpe:2.3:a:wireshark:wireshark:1.2.5
  • Wireshark 1.2.8
    cpe:2.3:a:wireshark:wireshark:1.2.8
  • Wireshark 1.2.0
    cpe:2.3:a:wireshark:wireshark:1.2.0
  • Wireshark 1.2.4
    cpe:2.3:a:wireshark:wireshark:1.2.4
  • Wireshark 1.2.7
    cpe:2.3:a:wireshark:wireshark:1.2.7
  • Wireshark 1.2.1
    cpe:2.3:a:wireshark:wireshark:1.2.1
  • Wireshark 1.2.6
    cpe:2.3:a:wireshark:wireshark:1.2.6
  • Wireshark 1.2.2
    cpe:2.3:a:wireshark:wireshark:1.2.2
  • Wireshark 1.0.6
    cpe:2.3:a:wireshark:wireshark:1.0.6
  • Wireshark 1.0.12
    cpe:2.3:a:wireshark:wireshark:1.0.12
  • Wireshark 1.0.11
    cpe:2.3:a:wireshark:wireshark:1.0.11
  • Wireshark 1.0.1
    cpe:2.3:a:wireshark:wireshark:1.0.1
  • Wireshark 1.0.4
    cpe:2.3:a:wireshark:wireshark:1.0.4
  • Wireshark 1.0.5
    cpe:2.3:a:wireshark:wireshark:1.0.5
  • Wireshark 1.0.7
    cpe:2.3:a:wireshark:wireshark:1.0.7
  • Wireshark 1.0.9
    cpe:2.3:a:wireshark:wireshark:1.0.9
  • Wireshark 1.0.8
    cpe:2.3:a:wireshark:wireshark:1.0.8
  • Wireshark 1.0.10
    cpe:2.3:a:wireshark:wireshark:1.0.10
  • Wireshark 1.0.2
    cpe:2.3:a:wireshark:wireshark:1.0.2
  • Wireshark 1.0.3
    cpe:2.3:a:wireshark:wireshark:1.0.3
  • Wireshark 1.0.0
    cpe:2.3:a:wireshark:wireshark:1.0.0
  • Wireshark 1.0.13
    cpe:2.3:a:wireshark:wireshark:1.0.13
  • Wireshark 1.0.14
    cpe:2.3:a:wireshark:wireshark:1.0.14
  • cpe:2.3:a:wireshark:wireshark:0.10.8
    cpe:2.3:a:wireshark:wireshark:0.10.8
  • cpe:2.3:a:wireshark:wireshark:0.10.9
    cpe:2.3:a:wireshark:wireshark:0.10.9
  • cpe:2.3:a:wireshark:wireshark:0.10.10
    cpe:2.3:a:wireshark:wireshark:0.10.10
  • cpe:2.3:a:wireshark:wireshark:0.10.11
    cpe:2.3:a:wireshark:wireshark:0.10.11
  • cpe:2.3:a:wireshark:wireshark:0.10.12
    cpe:2.3:a:wireshark:wireshark:0.10.12
  • cpe:2.3:a:wireshark:wireshark:0.10.13
    cpe:2.3:a:wireshark:wireshark:0.10.13
  • cpe:2.3:a:wireshark:wireshark:0.10.14
    cpe:2.3:a:wireshark:wireshark:0.10.14
CVSS
Base: 10.0 (as of 16-08-2010 - 11:52)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity COMPLETE
Availability COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 56426
    published 2011-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56426
    title GLSA-201110-02 : Wireshark: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_WIRESHARK-110331.NASL
    description Wireshark was updated to version 1.4.4 to fix several security issues
    last seen 2018-09-02
    modified 2018-06-29
    plugin id 53315
    published 2011-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53315
    title SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2101.NASL
    description Several implementation errors in the dissector of the Wireshark network traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal Decompressor Virtual Machine may lead to the execution of arbitrary code.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 49058
    published 2010-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49058
    title Debian DSA-2101-1 : wireshark - several vulnerabilities
  • NASL family Windows
    NASL id WIRESHARK_1_2_10.NASL
    description The installed version of Wireshark or Ethereal is potentially affected by multiple vulnerabilities. - The SigComp Universal Decompressor Virtual Machine could potentially overflow a buffer. (Bug 4867) - The ASN.1 BER dissector could potentially exhaust the stack memory. (Bug 4984) - The GSM A RR dissector is affected by a denial of service issue. (Bug 4897) - The IPMI dissector could get stuck in an infinite loop. (Bug 5053)
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 48213
    published 2010-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48213
    title Wireshark / Ethereal < 1.0.15 / 1.2.10 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100811_WIRESHARK_ON_SL3_X.NASL
    description Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286) NOTE: This errata updates Wireshark to version 1.0.15 to resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60836
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60836
    title Scientific Linux Security Update : wireshark on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_WIRESHARK-101222.NASL
    description Wireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 53808
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53808
    title openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0625.NASL
    description Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 48409
    published 2010-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48409
    title CentOS 4 / 5 : wireshark (CESA-2010:0625)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-13416.NASL
    description Update to upstream version 1.2.10: * http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing multiple security issues: * http://www.wireshark.org/security/wnpa-sec-2010-06.html * http://www.wireshark.org/security/wnpa-sec-2010-08.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-20
    plugin id 49092
    published 2010-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49092
    title Fedora 13 : wireshark-1.2.10-1.fc13 (2010-13416)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-13427.NASL
    description Update to upstream version 1.2.10: * http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html * http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing multiple security issues: * http://www.wireshark.org/security/wnpa-sec-2010-04.html * http://www.wireshark.org/security/wnpa-sec-2010-06.html * http://www.wireshark.org/security/wnpa-sec-2010-08.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-20
    plugin id 49093
    published 2010-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49093
    title Fedora 12 : wireshark-1.2.10-1.fc12 (2010-13427)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0625.NASL
    description Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 48314
    published 2010-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48314
    title RHEL 3 / 4 / 5 : wireshark (RHSA-2010:0625)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0625.NASL
    description From Red Hat Security Advisory 2010:0625 : Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-2287, CVE-2010-2995) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-07-26
    plugin id 68084
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68084
    title Oracle Linux 3 / 4 / 5 : wireshark (ELSA-2010-0625)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_WIRESHARK-101222.NASL
    description Wireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 53689
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53689
    title openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_WIRESHARK-101222.NASL
    description Wireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75771
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75771
    title openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)
oval via4
accepted 2013-08-19T04:00:12.564-04:00
class vulnerability
contributors
  • name Preeti Subramanian
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.
family windows
id oval:org.mitre.oval:def:12049
status accepted
submitted 2010-08-16T18:01:02
title Vulnerability in SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark
version 11
redhat via4
advisories
bugzilla
id 604308
title CVE-2010-2995 wireshark: SigComp UDVM dissector buffer overruns
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment wireshark is earlier than 0:1.0.15-EL3.1
          oval oval:com.redhat.rhsa:tst:20100625002
        • comment wireshark is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060726003
      • AND
        • comment wireshark-gnome is earlier than 0:1.0.15-EL3.1
          oval oval:com.redhat.rhsa:tst:20100625004
        • comment wireshark-gnome is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060726005
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment wireshark is earlier than 0:1.0.15-1.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100625007
        • comment wireshark is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060726003
      • AND
        • comment wireshark-gnome is earlier than 0:1.0.15-1.el4_8.1
          oval oval:com.redhat.rhsa:tst:20100625008
        • comment wireshark-gnome is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060726005
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment wireshark is earlier than 0:1.0.15-1.el5_5.1
          oval oval:com.redhat.rhsa:tst:20100625010
        • comment wireshark is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070066011
      • AND
        • comment wireshark-gnome is earlier than 0:1.0.15-1.el5_5.1
          oval oval:com.redhat.rhsa:tst:20100625012
        • comment wireshark-gnome is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070066013
rhsa
id RHSA-2010:0625
released 2010-08-11
severity Moderate
title RHSA-2010:0625: wireshark security update (Moderate)
rpms
  • wireshark-0:1.0.15-EL3.1
  • wireshark-gnome-0:1.0.15-EL3.1
  • wireshark-0:1.0.15-1.el4_8.1
  • wireshark-gnome-0:1.0.15-1.el4_8.1
  • wireshark-0:1.0.15-1.el5_5.1
  • wireshark-gnome-0:1.0.15-1.el5_5.1
refmap via4
confirm
secunia
  • 42877
  • 43068
suse
  • SUSE-SR:2011:001
  • SUSE-SR:2011:002
vupen
  • ADV-2011-0076
  • ADV-2011-0212
Last major update 17-02-2011 - 00:00
Published 13-08-2010 - 14:43
Last modified 18-09-2017 - 21:31