// For flags

CVE-2008-3145

wireshark: crash in the packet reassembling

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.

La función fragment_add_work de epan/reassemble.c en Wireshark versiones 0.8.19 hasta la 1.0.1, permite a atacantes remotos provocar una denegación de servicio (caída) a través de series de paquetes fragmentados con valores de desplazamiento de fragmentación no secuencial, lo cual provoca una sobre-lectua del buffer.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-07-10 CVE Reserved
  • 2008-07-16 CVE Published
  • 2024-07-22 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (28)
URL Tag Source
http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343 X_refsource_confirm
http://secunia.com/advisories/31257 Third Party Advisory
http://secunia.com/advisories/31378 Third Party Advisory
http://secunia.com/advisories/31687 Third Party Advisory
http://secunia.com/advisories/32091 Third Party Advisory
http://secunia.com/advisories/32944 Third Party Advisory
http://securitytracker.com/id?1020471 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0237 X_refsource_confirm
http://www.securityfocus.com/archive/1/494859/100/0/threaded Mailing List
http://www.securityfocus.com/bid/30181 Vdb Entry
http://www.vupen.com/english/advisories/2008/2057/references Vdb Entry
http://www.vupen.com/english/advisories/2008/2773 Vdb Entry
http://www.wireshark.org/security/wnpa-sec-2008-04.html X_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2470 X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/43719 Vdb Entry
https://issues.rpath.com/browse/RPL-2684 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9020 Signature
URL Date SRC
URL Date SRC
http://secunia.com/advisories/31044 2018-10-11
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html 2018-10-11
http://secunia.com/advisories/31085 2018-10-11
http://security.gentoo.org/glsa/glsa-200808-04.xml 2018-10-11
http://www.debian.org/security/2008/dsa-1673 2018-10-11
http://www.mandriva.com/security/advisories?name=MDVSA-2008:152 2018-10-11
http://www.redhat.com/support/errata/RHSA-2008-0890.html 2018-10-11
https://bugzilla.redhat.com/show_bug.cgi?id=454984 2008-10-01
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html 2018-10-11
https://access.redhat.com/security/cve/CVE-2008-3145 2008-10-01
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.8.19
Search vendor "Wireshark" for product "Wireshark" and version "0.8.19"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.99.0
Search vendor "Wireshark" for product "Wireshark" and version "0.99.0"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.99.1
Search vendor "Wireshark" for product "Wireshark" and version "0.99.1"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.99.2
Search vendor "Wireshark" for product "Wireshark" and version "0.99.2"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.99.3
Search vendor "Wireshark" for product "Wireshark" and version "0.99.3"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.99.4
Search vendor "Wireshark" for product "Wireshark" and version "0.99.4"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.99.5
Search vendor "Wireshark" for product "Wireshark" and version "0.99.5"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.99.6
Search vendor "Wireshark" for product "Wireshark" and version "0.99.6"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.99.6a
Search vendor "Wireshark" for product "Wireshark" and version "0.99.6a"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.99.7
Search vendor "Wireshark" for product "Wireshark" and version "0.99.7"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 0.99.8
Search vendor "Wireshark" for product "Wireshark" and version "0.99.8"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 1.0
Search vendor "Wireshark" for product "Wireshark" and version "1.0"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 1.0.0
Search vendor "Wireshark" for product "Wireshark" and version "1.0.0"
-
Affected
Wireshark
Search vendor "Wireshark"
 Wireshark
Search vendor "Wireshark" for product "Wireshark"
 1.0.1
Search vendor "Wireshark" for product "Wireshark" and version "1.0.1"
-
Affected