CVE-2006-4805

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded.

epan/dissectors/packet-xot.c en el separador XOT (dissect_xot_pdu) en Wireshark (antes conocido como Ethereal) 0.9.8 hasta la 0.99.3 permite a un atacante remoto provocar denegación de servicio (consumo de memoria y caida) a través de un paquete XOT codificado que crea un valor de longitud zero cuando está codificado.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-09-15 CVE Reserved
2006-10-27 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (25)

URL	Tag	Source
http://secunia.com/advisories/22659	Third Party Advisory
http://secunia.com/advisories/22672	Third Party Advisory
http://secunia.com/advisories/22692	Third Party Advisory
http://secunia.com/advisories/22797	Third Party Advisory
http://secunia.com/advisories/22841	Third Party Advisory
http://secunia.com/advisories/22929	Third Party Advisory
http://secunia.com/advisories/23096	Third Party Advisory
http://securitytracker.com/id?1017129	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm	X_refsource_confirm
http://www.kb.cert.org/vuls/id/723736	Third Party Advisory
http://www.securityfocus.com/archive/1/450307/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/20762	Vdb Entry
http://www.vupen.com/english/advisories/2006/4220	Vdb Entry
http://www.wireshark.org/security/wnpa-sec-2006-03.html	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/29843	Vdb Entry
https://issues.rpath.com/browse/RPL-746	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10199	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P	2018-10-17
http://secunia.com/advisories/22590	2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:195	2018-10-17
http://www.novell.com/linux/security/advisories/2006_65_ethereal.html	2018-10-17
http://www.redhat.com/support/errata/RHSA-2006-0726.html	2018-10-17
http://www.us.debian.org/security/2006/dsa-1201	2018-10-17
https://access.redhat.com/security/cve/CVE-2006-4805	2006-11-09
https://bugzilla.redhat.com/show_bug.cgi?id=1618202	2006-11-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wireshark Search vendor "Wireshark"		Wireshark Search vendor "Wireshark" for product "Wireshark"				0.9.8 Search vendor "Wireshark" for product "Wireshark" and version "0.9.8"		-		Affected
Wireshark Search vendor "Wireshark"		Wireshark Search vendor "Wireshark" for product "Wireshark"				0.9.10 Search vendor "Wireshark" for product "Wireshark" and version "0.9.10"		-		Affected
Wireshark Search vendor "Wireshark"		Wireshark Search vendor "Wireshark" for product "Wireshark"				0.10 Search vendor "Wireshark" for product "Wireshark" and version "0.10"		-		Affected
Wireshark Search vendor "Wireshark"		Wireshark Search vendor "Wireshark" for product "Wireshark"				0.10.4 Search vendor "Wireshark" for product "Wireshark" and version "0.10.4"		-		Affected
Wireshark Search vendor "Wireshark"		Wireshark Search vendor "Wireshark" for product "Wireshark"				0.10.13 Search vendor "Wireshark" for product "Wireshark" and version "0.10.13"		-		Affected
Wireshark Search vendor "Wireshark"		Wireshark Search vendor "Wireshark" for product "Wireshark"				0.99 Search vendor "Wireshark" for product "Wireshark" and version "0.99"		-		Affected
Wireshark Search vendor "Wireshark"		Wireshark Search vendor "Wireshark" for product "Wireshark"				0.99.1 Search vendor "Wireshark" for product "Wireshark" and version "0.99.1"		-		Affected
Wireshark Search vendor "Wireshark"		Wireshark Search vendor "Wireshark" for product "Wireshark"				0.99.2 Search vendor "Wireshark" for product "Wireshark" and version "0.99.2"		-		Affected
Wireshark Search vendor "Wireshark"		Wireshark Search vendor "Wireshark" for product "Wireshark"				0.99.3 Search vendor "Wireshark" for product "Wireshark" and version "0.99.3"		-		Affected