CVE-2007-6438
wireshark SMB dissector crash
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
Una vulnerabilidad no especificada en el disector del SMB en Wireshark (anteriormente Ethereal) versión 0.99.6, permite a los atacantes remotos causar una denegación de servicio por medio de vectores de ataque desconocidos. NOTA: este identificador originalmente incluía MP3 y NCP, pero esos problemas ya están cubiertos por CVE-2007-6111.
Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119), Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441), RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming, Steve and ainsley. Versions less than 0.99.7 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-12-19 CVE Reserved
- 2007-12-19 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (22)
| URL | Tag | Source |
|---|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=199958 | X_refsource_misc | |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/485792/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/27071 | Vdb Entry | |
| http://www.wireshark.org/security/wnpa-sec-2007-03.html | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39178 | Vdb Entry | |
| https://issues.rpath.com/browse/RPL-1975 | X_refsource_confirm | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11785 | Signature | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14734 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html | 2023-11-07 | |
| http://secunia.com/advisories/27777 | 2023-11-07 | |
| http://secunia.com/advisories/28288 | 2023-11-07 | |
| http://secunia.com/advisories/28304 | 2023-11-07 | |
| http://secunia.com/advisories/28325 | 2023-11-07 | |
| http://secunia.com/advisories/28564 | 2023-11-07 | |
| http://secunia.com/advisories/29048 | 2023-11-07 | |
| http://security.gentoo.org/glsa/glsa-200712-23.xml | 2023-11-07 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:001 | 2023-11-07 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:1 | 2023-11-07 | |
| http://www.redhat.com/support/errata/RHSA-2008-0058.html | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2007-6438 | 2008-01-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=427249 | 2008-01-21 |