CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2009-3550 – Wireshark: NULL pointer dereference in the DCERPC over SMB packet disassembly
https://notcve.org/view.php?id=CVE-2009-3550
The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. El analizador DCERPC/NT en Wireshark desde v0.10.10 hasta v1.0.9 y desde v1.2.0 hasta v1.2.2 permite a atacantes remotos producir una denegación de servicio (desreferencia a puntero NULL y caída de aplicación) a través de un fichero que almacena la ruta de un paquete manipulado. • http://secunia.com/advisories/37175 http://secunia.com/advisories/37409 http://secunia.com/advisories/37477 http://www.debian.org/security/2009/dsa-1942 http://www.securityfocus.com/bid/36846 http://www.vupen.com/english/advisories/2009/3061 http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html http://www.wireshark.org/security/wnpa-sec-2009-07.html http://www.wireshark.org/security/wnpa-sec-2009- • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 6%CPEs: 53EXPL: 0CVE-2009-3829 – wireshark: unsigned integer wrap vulnerability in ERF reader (VU#676492)
https://notcve.org/view.php?id=CVE-2009-3829
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability." Desbordamiento de entero en wiretap/erf.c en Wireshark en versiones anteriores a v1.2.2 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de un fichero erf manipulado, relacionado con la vulnerabilidad " sobreescritura de entero sin asignar". • http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?view=markup&pathrev=29364 http://secunia.com/advisories/37409 http://secunia.com/advisories/37477 http://www.debian.org/security/2009/dsa-1942 http://www.kb.cert.org/vuls/id/676492 http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3849 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5979 https://oval.cisecurity.org/repo • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2009-3549
https://notcve.org/view.php?id=CVE-2009-3549
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. packet-paltalk.c en el analizador Paltalk en Wireshark desde v1.2.0 hasta v1.2.2, en SPARC y algunas otras plataformas, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) a través de un fichero que almacena la ruta de un paquete manipulado. • http://secunia.com/advisories/37175 http://secunia.com/advisories/37409 http://www.securityfocus.com/bid/36846 http://www.vupen.com/english/advisories/2009/3061 http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html http://www.wireshark.org/security/wnpa-sec-2009-07.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3689 https://exchange.xforce.ibmcloud.com/vulnerabilities/54016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6391 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 7%CPEs: 18EXPL: 2CVE-2009-3241 – Wireshark 1.2.1 - OpcUa Dissector Resource Exhaustion (Denial of Service)
https://notcve.org/view.php?id=CVE-2009-3241
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. Vulnerabilidad no especificada en el analizador OpcUa (OPC UA) de Wireshark v0.99.6 hasta v1.0.8 y v1.2.0 hasta v1.2.1, permite a atacantes remotos provocar una denegación de servicio (consumo de la memoria y la CPU) a través de paquetes OPCUA Service CallRequest mal formados. • https://www.exploit-db.com/exploits/33222 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://secunia.com/advisories/36754 http://secunia.com/advisories/37409 http://secunia.com/advisories/37477 http://www.debian.org/security/2009/dsa-1942 http://www.securityfocus.com/bid/36408 http://www.wireshark.org/docs/relnotes/wireshark-1.0.9.html http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html http://www.wireshark.org/security/wnpa-sec- •
CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 2CVE-2009-3242 – Wireshark 1.2.1 - GSM A RR Dissector packet.c Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-3242
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure. Vulnerabilidad sin especificar en packet.c en el analizador GSM A RR en Wireshark v1.2.0 y v1.2.1, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de vectores desconocidos relacionados con "el manejo no inicializado del analizador", que provoca un fallo de aserción. • https://www.exploit-db.com/exploits/33224 http://secunia.com/advisories/36754 http://secunia.com/advisories/37409 http://www.securityfocus.com/bid/36408 http://www.wireshark.org/docs/relnotes/wireshark-1.2.2.html http://www.wireshark.org/security/wnpa-sec-2009-06.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3893 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5423 •