Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2009-AVI-554
Vulnerability from certfr_avis
Plusieurs vulnérabilités dans Wireshark permettant de provoquer un déni de service à distance et de contourner la politique de sécurité ont été corrigées.
Description
Des vulnérabilités dans Wireshark concernant le traitement des protocoles réseau SNA, SMB, SMB2 et IPMI ont été corrigées. Une personne malveillante distante pourrait les exploiter au moyen de trames spécialement réalisées pour provoquer un déni de service ou contourner la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions de Wireshark de la 0.9.0 à la 1.2.4 incluses.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eLes versions de Wireshark de la 0.9.0 \u00e0 la 1.2.4 incluses.\u003c/p\u003e",
"content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s dans Wireshark concernant le traitement des\nprotocoles r\u00e9seau SNA, SMB, SMB2 et IPMI ont \u00e9t\u00e9 corrig\u00e9es. Une personne\nmalveillante distante pourrait les exploiter au moyen de trames\nsp\u00e9cialement r\u00e9alis\u00e9es pour provoquer un d\u00e9ni de service ou contourner\nla politique de s\u00e9curit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4376"
},
{
"name": "CVE-2009-4377",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4377"
},
{
"name": "CVE-2009-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4378"
}
],
"initial_release_date": "2009-12-18T00:00:00",
"last_revision_date": "2009-12-24T00:00:00",
"links": [
{
"title": "item Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2009-13592 du 23 d\u00e9cembre 2009 :",
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
],
"reference": "CERTA-2009-AVI-554",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-12-18T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences CVE et de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Fedora.",
"revision_date": "2009-12-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eWireshark\u003c/span\u003e\npermettant de provoquer un d\u00e9ni de service \u00e0 distance et de contourner\nla politique de s\u00e9curit\u00e9 ont \u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Wireshark",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Wireshark wnpa-sec-2009-09 du 17 d\u00e9cembre 2009",
"url": null
}
]
}
CVE-2009-4378 (GCVE-0-2009-4378)
Vulnerability from cvelistv5
Published
2009-12-21 21:00
Modified
2024-08-07 07:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4319"
},
{
"name": "61179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61179"
},
{
"name": "37842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37842"
},
{
"name": "ADV-2009-3596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3596"
},
{
"name": "FEDORA-2009-13592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name": "37407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37407"
},
{
"name": "1023374",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023374"
},
{
"name": "oval:org.mitre.oval:def:7576",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7576"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to \"formatting a date/time using strftime.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4319"
},
{
"name": "61179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61179"
},
{
"name": "37842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37842"
},
{
"name": "ADV-2009-3596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3596"
},
{
"name": "FEDORA-2009-13592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name": "37407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37407"
},
{
"name": "1023374",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023374"
},
{
"name": "oval:org.mitre.oval:def:7576",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7576"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to \"formatting a date/time using strftime.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4319",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4319"
},
{
"name": "61179",
"refsource": "OSVDB",
"url": "http://osvdb.org/61179"
},
{
"name": "37842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37842"
},
{
"name": "ADV-2009-3596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3596"
},
{
"name": "FEDORA-2009-13592",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name": "37407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37407"
},
{
"name": "1023374",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023374"
},
{
"name": "oval:org.mitre.oval:def:7576",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7576"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2009-09.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4378",
"datePublished": "2009-12-21T21:00:00",
"dateReserved": "2009-12-21T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4377 (GCVE-0-2009-4377)
Vulnerability from cvelistv5
Published
2009-12-21 21:00
Modified
2024-08-07 07:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61178"
},
{
"name": "DSA-1983",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1983"
},
{
"name": "oval:org.mitre.oval:def:9564",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9564"
},
{
"name": "37916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37916"
},
{
"name": "37842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37842"
},
{
"name": "ADV-2009-3596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3596"
},
{
"name": "FEDORA-2009-13592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name": "37407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301"
},
{
"name": "1023374",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023374"
},
{
"name": "MDVSA-2010:031",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "61178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61178"
},
{
"name": "DSA-1983",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1983"
},
{
"name": "oval:org.mitre.oval:def:9564",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9564"
},
{
"name": "37916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37916"
},
{
"name": "37842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37842"
},
{
"name": "ADV-2009-3596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3596"
},
{
"name": "FEDORA-2009-13592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name": "37407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301"
},
{
"name": "1023374",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023374"
},
{
"name": "MDVSA-2010:031",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61178",
"refsource": "OSVDB",
"url": "http://osvdb.org/61178"
},
{
"name": "DSA-1983",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1983"
},
{
"name": "oval:org.mitre.oval:def:9564",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9564"
},
{
"name": "37916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37916"
},
{
"name": "37842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37842"
},
{
"name": "ADV-2009-3596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3596"
},
{
"name": "FEDORA-2009-13592",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name": "37407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37407"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301"
},
{
"name": "1023374",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023374"
},
{
"name": "MDVSA-2010:031",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:031"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2009-09.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4377",
"datePublished": "2009-12-21T21:00:00",
"dateReserved": "2009-12-21T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4376 (GCVE-0-2009-4376)
Vulnerability from cvelistv5
Published
2009-12-21 21:00
Modified
2024-08-07 07:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4022"
},
{
"name": "37916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37916"
},
{
"name": "oval:org.mitre.oval:def:16435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16435"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294"
},
{
"name": "37842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37842"
},
{
"name": "ADV-2009-3596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3596"
},
{
"name": "61177",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61177"
},
{
"name": "FEDORA-2009-13592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name": "37407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37407"
},
{
"name": "1023374",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023374"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4022"
},
{
"name": "37916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37916"
},
{
"name": "oval:org.mitre.oval:def:16435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16435"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294"
},
{
"name": "37842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37842"
},
{
"name": "ADV-2009-3596",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3596"
},
{
"name": "61177",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61177"
},
{
"name": "FEDORA-2009-13592",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name": "37407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37407"
},
{
"name": "1023374",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023374"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4022",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4022"
},
{
"name": "37916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37916"
},
{
"name": "oval:org.mitre.oval:def:16435",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16435"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294"
},
{
"name": "37842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37842"
},
{
"name": "ADV-2009-3596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3596"
},
{
"name": "61177",
"refsource": "OSVDB",
"url": "http://osvdb.org/61177"
},
{
"name": "FEDORA-2009-13592",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name": "37407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37407"
},
{
"name": "1023374",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023374"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2009-09.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4376",
"datePublished": "2009-12-21T21:00:00",
"dateReserved": "2009-12-21T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…