// For flags

CVE-2006-4574

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.

Error por un paso en el disector MIME Multipart en Wireshark (anteriormente Ethereal) desde la versión 0.10.1 hasta la 0.99.3 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado) mediante determinados vectores que desencadenan un error de aserción relacionado con valores de longitud inesperados.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-09-06 CVE Reserved
  • 2006-10-28 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-193: Off-by-one Error
  • CWE-617: Reachable Assertion
CAPEC
References (24)
URL Tag Source
http://secunia.com/advisories/22659 Broken Link
http://secunia.com/advisories/22672 Broken Link
http://secunia.com/advisories/22692 Broken Link
http://secunia.com/advisories/22797 Broken Link
http://secunia.com/advisories/22841 Broken Link
http://secunia.com/advisories/22929 Broken Link
http://secunia.com/advisories/23096 Broken Link
http://securitytracker.com/id?1017129 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm Third Party Advisory
http://www.securityfocus.com/archive/1/450307/100/0/threaded Broken Link
http://www.securityfocus.com/bid/20762 Broken Link
http://www.vupen.com/english/advisories/2006/4220 Broken Link
http://www.wireshark.org/security/wnpa-sec-2006-03.html Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29844 Third Party Advisory
https://issues.rpath.com/browse/RPL-746 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9740 Broken Link
URL Date SRC
URL Date SRC
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P 2024-02-15
http://secunia.com/advisories/22590 2024-02-15
http://www.mandriva.com/security/advisories?name=MDKSA-2006:195 2024-02-15
http://www.novell.com/linux/security/advisories/2006_65_ethereal.html 2024-02-15
http://www.redhat.com/support/errata/RHSA-2006-0726.html 2024-02-15
http://www.us.debian.org/security/2006/dsa-1201 2024-02-15
https://access.redhat.com/security/cve/CVE-2006-4574 2006-11-09
https://bugzilla.redhat.com/show_bug.cgi?id=1618197 2006-11-09
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 >= 0.10.1 <= 0.99.3
Search vendor "Wireshark" for product "Wireshark" and version " >= 0.10.1 <= 0.99.3"
-
Affected