Computer Security
[EN] securityvulns.ru no-pyccku


Wireshark packet parsing vulnerabilities
Published:05.11.2009
Source:
SecurityVulns ID:10377
Type:local
Threat Level:
4/10
Description:DoS and memory corruption on different capture files formats parsing.
Affected:WIRESHARK : Wireshark 1.0
CVE:CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability.")
 CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:292 ] wireshark (05.11.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod