Vulnerability Details : CVE-2009-2560
Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9.
Vulnerability category: Denial of service
Products affected by CVE-2009-2560
- cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2560
- 0.34%: probability of exploitation activity in the next 30 days
- ~68%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-2560
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
Vendor statements for CVE-2009-2560
- Red Hat, 2010-04-20: The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html. Vectors (1) Bluetooth L2CAP and (3) MIOP did not affect the versions of the Wireshark package as shipped with Red Hat Enterprise Linux 3, 4, or 5.
References for CVE-2009-2560
- http://www.debian.org/security/2009/dsa-1942
  [SECURITY] [DSA 1942-1] New wireshark packages fix several vulnerabilities
- http://www.vupen.com/english/advisories/2009/3061
  (Vendor Advisory)
- http://www.wireshark.org/security/wnpa-sec-2009-08.html
  Wireshark • wnpa-sec-2009-08 Multiple vulnerabilities in Wireshark
- http://www.wireshark.org/security/wnpa-sec-2009-04.html
  Wireshark • wnpa-sec-2009-04 Multiple vulnerabilities in Wireshark (Patch; Vendor Advisory)
- http://www.vupen.com/english/advisories/2009/1970
  (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54019
  Wireshark RADIUS dissector denial of service CVE-2009-2560 Vulnerability Report
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:194
  Mandriva
- http://www.openwall.com/lists/oss-security/2009/07/22/2
  oss-security - Re: CVE request: Wireshark <1.2.1 Multiple DoS
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6416
- http://www.securityfocus.com/bid/35748
  (Patch)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10403
- http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html
  Wireshark • Wireshark 1.0.10 Release Notes
- http://www.securityfocus.com/bid/36846