ID CVE-2010-3445
Summary Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.
References
Vulnerable Configurations
  • Wireshark 1.2.9
    cpe:2.3:a:wireshark:wireshark:1.2.9
  • Wireshark 1.2.10
    cpe:2.3:a:wireshark:wireshark:1.2.10
  • Wireshark 1.2.8
    cpe:2.3:a:wireshark:wireshark:1.2.8
  • Wireshark 1.2.5
    cpe:2.3:a:wireshark:wireshark:1.2.5
  • Wireshark 1.2.3
    cpe:2.3:a:wireshark:wireshark:1.2.3
  • Wireshark 1.2.4
    cpe:2.3:a:wireshark:wireshark:1.2.4
  • Wireshark 1.2.0
    cpe:2.3:a:wireshark:wireshark:1.2.0
  • Wireshark 1.2.7
    cpe:2.3:a:wireshark:wireshark:1.2.7
  • Wireshark 1.2.6
    cpe:2.3:a:wireshark:wireshark:1.2.6
  • Wireshark 1.2.1
    cpe:2.3:a:wireshark:wireshark:1.2.1
  • Wireshark 1.2.2
    cpe:2.3:a:wireshark:wireshark:1.2.2
  • Wireshark 1.2.11
    cpe:2.3:a:wireshark:wireshark:1.2.11
  • Wireshark 1.4.0
    cpe:2.3:a:wireshark:wireshark:1.4.0
CVSS
Base: 5.0 (as of 29-11-2010 - 09:56)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_WIRESHARK-110331.NASL
    description Wireshark was updated to version 1.4.4 to fix several security issues
    last seen 2018-09-02
    modified 2018-06-29
    plugin id 53315
    published 2011-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53315
    title SuSE 11.1 Security Update : wireshark (SAT Patch Number 4267)
  • NASL family Windows
    NASL id WIRESHARK_1_4_1.NASL
    description The installed version of Wireshark is 1.2.x less than 1.2.12 or 1.4.x less than 1.4.1. Such versions are affected by a denial of service vulnerability. The ASN.1 BER dissector contains a flaw that can allow a stack overflow that in turn can cause the application to crash.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 49978
    published 2010-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49978
    title Wireshark < 1.2.12 / 1.4.1 ASN.1 BER Dissector Denial of Service
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-200.NASL
    description It was discovered that the ASN.1 BER dissector in wireshark was susceptible to a stack overflow (CVE-2010-3445). For 2010.0 and 2010.1 wireshark was upgraded to v1.2.12 which is not vulnerable to this issue and was patched for CS4 and MES5 to resolve the vulnerability.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 49970
    published 2010-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49970
    title Mandriva Linux Security Advisory : wireshark (MDVSA-2010:200)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B2EAA7C2E64A11DFBC650022156E8794.NASL
    description Secunia reports : A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an infinite recursion error in the 'dissect_unknown_ber()' function in epan/dissectors/packet-ber.c and can be exploited to cause a stack overflow e.g. via a specially crafted SNMP packet. The vulnerability is confirmed in version 1.4.0 and reported in version 1.2.11 and prior and version 1.4.0 and prior.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 50500
    published 2010-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50500
    title FreeBSD : Wireshark -- DoS in the BER-based dissectors (b2eaa7c2-e64a-11df-bc65-0022156e8794)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0924.NASL
    description Updated wireshark packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in the Wireshark Local Download Sharing Service (LDSS) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-4300) A denial of service flaw was found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.2.13, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 50851
    published 2010-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50851
    title RHEL 6 : wireshark (RHSA-2010:0924)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56426
    published 2011-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56426
    title GLSA-201110-02 : Wireshark: Multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20101130_WIRESHARK_ON_SL6_X.NASL
    description A heap-based buffer overflow flaw was found in the Wireshark Local Download Sharing Service (LDSS) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-4300) A denial of service flaw was found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445) All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60911
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60911
    title Scientific Linux Security Update : wireshark on SL6.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2127.NASL
    description A flaw has been found in wireshark, a network protocol analyzer. It was found that the ASN.1 BER dissector was susceptible to a stack overflow, causing the application to crash.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 50826
    published 2010-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50826
    title Debian DSA-2127-1 : wireshark - denial of service
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-2620.NASL
    description Several security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1141: Malformed LDAP filter string causes Denial of Service via excessive memory consumption - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 52640
    published 2011-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52640
    title Fedora 13 : wireshark-1.2.15-1.fc13 (2011-2620)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-2632.NASL
    description Several security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1141: Malformed LDAP filter string causes Denial of Service via excessive memory consumption - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 52641
    published 2011-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52641
    title Fedora 14 : wireshark-1.4.4-1.fc14 (2011-2632)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0370.NASL
    description Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 52750
    published 2011-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52750
    title RHEL 4 / 5 : wireshark (RHSA-2011:0370)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_WIRESHARK-101222.NASL
    description Wireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75771
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75771
    title openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_WIRESHARK-101222.NASL
    description Wireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53808
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53808
    title openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-2)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0370.NASL
    description Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 52757
    published 2011-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52757
    title CentOS 4 / 5 : wireshark (CESA-2011:0370)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-2648.NASL
    description Several security bugs were fixed in this release : - CVE-2011-0538: memory corruption when reading a malformed pcap file - CVE-2010-3445: stack overflow in BER dissector - CVE-2011-1143: NULL pointer dereference causing application crash when reading malformed pcap file - CVE-2011-1140: Multiple stack consumption vulnerabilities caused DoS via crafted SMB or CLDAP packet - CVE-2011-1138: Off-by-one error in the dissect_6lowpan_iphc function causes application crash (Denial Of Service) - CVE-2011-1139: Denial Of Service (application crash) via a pcap-ng file that contains a large packet-length field - CVE-2011-0713: heap-based buffer overflow when reading malformed Nokia DCT3 phone signaling traces Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 52590
    published 2011-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52590
    title Fedora 15 : wireshark-1.4.4-1.fc15 (2011-2648)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0370.NASL
    description From Red Hat Security Advisory 2011:0370 : Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68232
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68232
    title Oracle Linux 4 / 5 : wireshark (ELSA-2011-0370)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110321_WIRESHARK_ON_SL4_X.NASL
    description A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60991
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60991
    title Scientific Linux Security Update : wireshark on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_WIRESHARK-101222.NASL
    description Wireshark version 1.4.2 fixes several security issues that allowed attackers to crash wireshark or potentially even execute arbitrary code (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3445, CVE-2010-4300, CVE-2010-4301)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53689
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53689
    title openSUSE Security Update : wireshark (openSUSE-SU-2011:0010-1)
oval via4
accepted 2013-08-19T04:00:23.505-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.
family windows
id oval:org.mitre.oval:def:14607
status accepted
submitted 2012-02-27T15:34:33.178-04:00
title Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12
version 8
redhat via4
advisories
  • rhsa
    id RHSA-2010:0924
  • rhsa
    id RHSA-2011:0370
rpms
  • wireshark-0:1.2.13-1.el6_0.1
  • wireshark-devel-0:1.2.13-1.el6_0.1
  • wireshark-gnome-0:1.2.13-1.el6_0.1
  • wireshark-0:1.0.15-2.el4
  • wireshark-gnome-0:1.0.15-2.el4
  • wireshark-0:1.0.15-1.el5_6.4
  • wireshark-gnome-0:1.0.15-1.el5_6.4
refmap via4
bid 43197
bugtraq 20100913 Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service
cert-vn VU#215900
confirm
debian DSA-2127
fedora
  • FEDORA-2011-2620
  • FEDORA-2011-2632
  • FEDORA-2011-2648
mandriva MDVSA-2010:200
misc http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/
mlist
  • [oss-security] 20101001 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark
  • [oss-security] 20101011 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark
secunia
  • 42392
  • 42411
  • 42877
  • 43068
  • 43759
  • 43821
suse
  • SUSE-SR:2011:001
  • SUSE-SR:2011:002
vupen
  • ADV-2010-3067
  • ADV-2010-3093
  • ADV-2011-0076
  • ADV-2011-0212
  • ADV-2011-0404
  • ADV-2011-0626
  • ADV-2011-0719
Last major update 13-08-2012 - 23:18
Published 26-11-2010 - 14:00
Last modified 18-09-2017 - 21:31
Back to Top