Vulnerability Details : CVE-2008-1562
Public exploit exists!
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2008-1562
- cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1562
13.97%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2008-1562
-
Wireshark LDAP Dissector DOS
Disclosure Date: 2008-03-28First seen: 2020-04-26auxiliary/dos/wireshark/ldapThe LDAP dissector in Wireshark 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Authors: - MC <mc@metasploit.com>
CVSS scores for CVE-2008-1562
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2008-1562
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-1562
-
Red Hat 2008-10-17The affected version of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
References for CVE-2008-1562
-
http://www.vupen.com/english/advisories/2008/1007/references
Site en construction
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14549
-
http://www.securityfocus.com/bid/28485
-
http://www.wireshark.org/security/wnpa-sec-2008-02.html
Wireshark • wnpa-sec-2008-02 Multiple problems in Wireshark
-
http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm
ASA-2008-392 (RHSA-2008-0890)
-
https://issues.rpath.com/browse/RPL-2418
-
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138
-
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
[security-announce] SUSE Security Summary Report SUSE-SR:2008:08 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:091
Mandriva
-
http://www.redhat.com/support/errata/RHSA-2008-0890.html
Support
-
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html
[SECURITY] Fedora 7 Update: wireshark-1.0.0-1.fc7
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/41516
-
http://www.gentoo.org/security/en/glsa/glsa-200805-05.xml
Wireshark: Denial of service (GLSA 200805-05) — Gentoo security
-
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html
[SECURITY] Fedora 8 Update: wireshark-1.0.0-1.fc8
-
http://www.vupen.com/english/advisories/2008/2773
Site en construction
-
http://www.securitytracker.com/id?1019728
-
http://www.securityfocus.com/archive/1/490487/100/0/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9318
Jump to