CVE-2009-3549 : packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on S

packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.

Published 2009-10-30 20:30:00

Updated 2025-04-09 00:30:58

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2009-3549

Wireshark » Wireshark » Version: 1.2.0
cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*
Matching versions
When used together with: SUN » Sparc
Wireshark » Wireshark » Version: 1.2
cpe:2.3:a:wireshark:wireshark:1.2:*:*:*:*:*:*:*
Matching versions
When used together with: SUN » Sparc
Wireshark » Wireshark » Version: 1.2.1
cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*
Matching versions
When used together with: SUN » Sparc

Exploit prediction scoring system (EPSS) score for CVE-2009-3549

EPSS FAQ

1.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-3549

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2009-3549

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2009-3549

Red Hat 2009-11-02

Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.

References for CVE-2009-3549

http://www.vupen.com/english/advisories/2009/3061

Site en construction
Patch;Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/37409

About Secunia Research | Flexera

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/54016

Wireshark dissect_paltalk() denial of service CVE-2009-3549 Vulnerability Report
http://www.wireshark.org/security/wnpa-sec-2009-07.html

Wireshark • wnpa-sec-2009-07 Multiple vulnerabilities in Wireshark
Vendor Advisory

CVEs referencing this url
http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html

Wireshark • Wireshark 1.2.3 Release Notes
Patch

CVEs referencing this url
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3689

Possibly-unaligned dereference in packet-paltalk.c (#3689) · Issues · Wireshark Foundation / Wireshark · GitLab
http://secunia.com/advisories/37175

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6391

404 Not Found
http://www.securityfocus.com/bid/36846

Patch

CVEs referencing this url