CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Wireshark : Security Vulnerabilities Published In 2009 (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-4378 DoS 2009-12-21 2012-01-13
4.3
None Remote Medium Not required None None Partial
The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."
2 CVE-2009-4377 DoS 2009-12-21 2010-08-21
4.3
None Remote Medium Not required None None Partial
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
3 CVE-2009-4376 119 DoS Exec Code Overflow 2009-12-21 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
4 CVE-2009-3829 189 DoS Exec Code Overflow 2009-10-30 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
5 CVE-2009-3551 189 DoS 2009-10-30 2010-08-21
5.0
None Remote Low Not required None None Partial
Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
6 CVE-2009-3550 DoS 2009-10-30 2010-08-21
4.3
None Remote Medium Not required None None Partial
The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.
7 CVE-2009-3549 20 DoS 2009-10-30 2010-08-21
5.0
None Remote Low Not required None None Partial
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.
8 CVE-2009-3243 DoS 2009-09-18 2010-08-21
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
9 CVE-2009-3242 DoS 2009-09-18 2010-08-21
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.
10 CVE-2009-3241 DoS 2009-09-18 2010-08-21
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
11 CVE-2009-2563 DoS 2009-07-21 2010-08-21
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.
12 CVE-2009-2562 DoS 2009-07-21 2011-09-01
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
13 CVE-2009-2561 DoS 2009-07-21 2010-08-21
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.
14 CVE-2009-2560 DoS 2009-07-21 2010-12-01
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9.
15 CVE-2009-2559 119 DoS Overflow 2009-07-21 2010-08-21
5.0
None Remote Low Not required None None Partial
Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information.
16 CVE-2009-1829 DoS 2009-05-29 2010-08-21
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
17 CVE-2009-1269 DoS 2009-04-13 2010-08-21
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
18 CVE-2009-1268 20 DoS 2009-04-13 2010-08-21
4.3
None Remote Medium Not required None None Partial
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
19 CVE-2009-1267 DoS 2009-04-13 2011-01-20
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
20 CVE-2009-0601 134 DoS 2009-02-16 2009-03-17
2.1
None Local Low Not required None None Partial
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.
21 CVE-2009-0600 20 DoS 2009-02-16 2012-08-13
4.3
None Remote Medium Not required None None Partial
Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.
22 CVE-2009-0599 119 DoS Overflow 2009-02-16 2013-09-02
5.0
None Remote Low Not required None None Partial
Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.
23 CVE-2008-6472 399 DoS 2009-03-14 2010-08-21
4.3
None Remote Medium Not required None None Partial
The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.