
CVE-2010-3445

wireshark: stack overflow in BER dissector

  • Severity Score: 7.5 (CVSS v3)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial

  • Attack Vector: Adjacent
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2010-09-17 CVE Reserved
  • 2010-11-26 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (35)
URL Tag Source
http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html Mailing List
http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in X_refsource_confirm
http://secunia.com/advisories/42392 Third Party Advisory
http://secunia.com/advisories/42411 Third Party Advisory
http://secunia.com/advisories/42877 Third Party Advisory
http://secunia.com/advisories/43068 Third Party Advisory
http://secunia.com/advisories/43759 Third Party Advisory
http://secunia.com/advisories/43821 Third Party Advisory
http://www.kb.cert.org/vuls/id/215900 Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/01/10 Mailing List
http://www.openwall.com/lists/oss-security/2010/10/12/1 Mailing List
http://www.securityfocus.com/bid/43197 Vdb Entry
http://www.vupen.com/english/advisories/2010/3067 Vdb Entry
http://www.vupen.com/english/advisories/2010/3093 Vdb Entry
http://www.vupen.com/english/advisories/2011/0076 Vdb Entry
http://www.vupen.com/english/advisories/2011/0212 Vdb Entry
http://www.vupen.com/english/advisories/2011/0404 Vdb Entry
http://www.vupen.com/english/advisories/2011/0626 Vdb Entry
http://www.vupen.com/english/advisories/2011/0719 Vdb Entry
http://www.wireshark.org/security/wnpa-sec-2010-12.html X_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230 X_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607 Signature
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Wireshark Wireshark 1.2.0 - Affected
Wireshark Wireshark 1.2.1 - Affected
Wireshark Wireshark 1.2.2 - Affected
Wireshark Wireshark 1.2.3 - Affected
Wireshark Wireshark 1.2.4 - Affected
Wireshark Wireshark 1.2.5 - Affected
Wireshark Wireshark 1.2.6 - Affected
Wireshark Wireshark 1.2.7 - Affected
Wireshark Wireshark 1.2.8 - Affected
Wireshark Wireshark 1.2.9 - Affected
Wireshark Wireshark 1.2.10 - Affected
Wireshark Wireshark 1.2.11 - Affected
Wireshark Wireshark 1.4.0 - Affected