Vulnerability Details : CVE-2009-1268
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2009-1268
- cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:0.99.6a:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1268
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1268
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2009-1268
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1268
-
http://www.debian.org/security/2009/dsa-1942
[SECURITY] [DSA 1942-1] New wireshark packages fix several vulnerabilities
-
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3269
Wireshark 1.06 crashes in libwireshark.dll when decoding CPHA packet (#3269) · Issues · Wireshark Foundation / Wireshark · GitLabVendor Advisory
-
http://www.wireshark.org/security/wnpa-sec-2009-02.html
Wireshark • wnpa-sec-2009-02 Multiple problems in WiresharkVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:088
MandrivaVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:011 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://wiki.rpath.com/Advisories:rPSA-2009-0062
-
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html
[SECURITY] Fedora 10 Update: wireshark-1.0.7-1.fc10
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5335
404 Not Found
-
http://www.securitytracker.com/id?1022027
GoDaddy Domain Name Search
-
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html
[SECURITY] Fedora 9 Update: wireshark-1.0.8-1.fc9
-
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html
[SECURITY] Fedora 10 Update: wireshark-1.0.8-1.fc10
-
http://www.debian.org/security/2009/dsa-1785
[SECURITY] [DSA 1785-1] New wireshark packages fix several vulnerabilities
-
http://www.securityfocus.com/archive/1/502745/100/0/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/49815
Wireshark CPHAP denial of service CVE-2009-1268 Vulnerability Report
-
http://www.redhat.com/support/errata/RHSA-2009-1100.html
Support
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10876
404 Not Found
-
http://www.securityfocus.com/bid/34457
Jump to