Vulnerability Details : CVE-2006-4574
Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.
Vulnerability category: Denial of service
Products affected by CVE-2006-4574
- cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4574
EPSS score: 5.71% (probability of exploitation activity in the next 30 days)
Percentile: ~89% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-4574
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-17 |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | 2024-02-15 |
CWE ids for CVE-2006-4574
- A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by:
  - nvd@nist.gov (Primary)
References for CVE-2006-4574
- http://www.redhat.com/support/errata/RHSA-2006-0726.html
  Title: Support. Tags: Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29844
  Title: Wireshark (Ethereal) MIME denial of service CVE-2006-4574 Vulnerability Report. Tags: Third Party Advisory; VDB Entry
- http://secunia.com/advisories/22590
  Title: About Secunia Research | Flexera. Tags: Broken Link; Vendor Advisory
- http://www.securityfocus.com/bid/20762
  Tags: Broken Link; Third Party Advisory; VDB Entry
- ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
  Tags: Broken Link
- http://www.us.debian.org/security/2006/dsa-1201
  Tags: Broken Link
- https://issues.rpath.com/browse/RPL-746
  Tags: Broken Link
- http://secunia.com/advisories/23096
  Title: About Secunia Research | Flexera. Tags: Broken Link
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:195
  Title: Advisories - Mandriva Linux. Tags: Third Party Advisory
- http://secunia.com/advisories/22797
  Title: About Secunia Research | Flexera. Tags: Broken Link
- http://secunia.com/advisories/22672
  Title: About Secunia Research | Flexera. Tags: Broken Link
- http://securitytracker.com/id?1017129
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://secunia.com/advisories/22841
  Title: About Secunia Research | Flexera. Tags: Broken Link
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9740
  Title: 404 Not Found. Tags: Broken Link
- http://www.securityfocus.com/archive/1/450307/100/0/threaded
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm
  Title: ASA-2006-255 (RHSA-2006-0726). Tags: Third Party Advisory
- http://secunia.com/advisories/22929
  Title: About Secunia Research | Flexera. Tags: Broken Link
- http://secunia.com/advisories/22692
  Title: About Secunia Research | Flexera. Tags: Broken Link
- http://www.novell.com/linux/security/advisories/2006_65_ethereal.html
  Title: 404 Page Not Found | SUSE. Tags: Broken Link
- http://www.wireshark.org/security/wnpa-sec-2006-03.html
  Title: Wireshark • wnpa-sec-2006-03 Multiple problems in Wireshark (formerly Ethereal). Tags: Third Party Advisory
- http://secunia.com/advisories/22659
  Title: About Secunia Research | Flexera. Tags: Broken Link
- http://www.vupen.com/english/advisories/2006/4220
  Title: Webmail: access your OVH emails on ovhcloud.com | OVHcloud. Tags: Broken Link