ID CVE-2009-3829
Summary Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:wireshark:wireshark:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.8.16:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.8.16:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.8.19:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.8.19:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.8.20:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.8.20:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.9.14:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.6:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.7:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.8:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.8:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.9:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.9:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.10:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.10:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.11:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.11:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.12:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.12:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.6a:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.6a:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.9:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.9:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2013-08-19T04:05:02.692-04:00
    class vulnerability
    contributors
    • name Prabhu S A
      organization SecPod Technologies
    • name Shane Shaffer
      organization G2, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    comment Wireshark is installed on the system.
    oval oval:org.mitre.oval:def:6589
    description Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
    family windows
    id oval:org.mitre.oval:def:5979
    status accepted
    submitted 2009-11-17T15:11:12
    title Wireshark Integer overflow vulnerability in wiretap/erf.c
    version 9
  • accepted 2013-04-29T04:23:32.395-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
    family unix
    id oval:org.mitre.oval:def:9945
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
    version 30
redhat via4
rpms
  • wireshark-0:1.0.11-1.el4_8.5
  • wireshark-0:1.0.11-1.el5_5.5
  • wireshark-0:1.0.11-EL3.6
  • wireshark-debuginfo-0:1.0.11-1.el4_8.5
  • wireshark-debuginfo-0:1.0.11-1.el5_5.5
  • wireshark-debuginfo-0:1.0.11-EL3.6
  • wireshark-gnome-0:1.0.11-1.el4_8.5
  • wireshark-gnome-0:1.0.11-1.el5_5.5
  • wireshark-gnome-0:1.0.11-EL3.6
refmap via4
cert-vn VU#676492
confirm
debian DSA-1942
secunia
  • 37409
  • 37477
statements via4
contributor Tomas Hoger
lastmodified 2010-04-20
organization Red Hat
statement The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html
Last major update 19-09-2017 - 01:29
Published 30-10-2009 - 20:30
Last modified 19-09-2017 - 01:29
Back to Top