CVE-2006-3632
published 2006-07-21CVE-2006-3632: Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the…
PriorityP338critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
7.33%
93.6th percentile
Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.
Affected
46 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wireshark | < wireshark 0.99.2-1 (bookworm) | wireshark 0.99.2-1 (bookworm) |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0HIGH
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j662-g76p-xchg: Buffer overflow in Wireshark (aka Ethereal) 0
ghsa_unreviewed·2022-05-03
CVE-2006-3632 [HIGH] CWE-119 GHSA-j662-g76p-xchg: Buffer overflow in Wireshark (aka Ethereal) 0
Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.
OSV
CVE-2006-3632: Buffer overflow in Wireshark (aka Ethereal) 0
osv·2006-07-21·CVSS 10.0
CVE-2006-3632 [CRITICAL] CVE-2006-3632: Buffer overflow in Wireshark (aka Ethereal) 0
Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.
Red Hat
security flaw
vendor_redhat·2006-07-17·CVSS 10.0
CVE-2006-3632 [CRITICAL] security flaw
security flaw
Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.
Debian
CVE-2006-3632: wireshark - Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attac...
vendor_debian·2006·CVSS 10.0
CVE-2006-3632 [CRITICAL] CVE-2006-3632: wireshark - Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attac...
Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.
Scope: local
bookworm: resolved (fixed in 0.99.2-1)
bullseye: resolved (fixed in 0.99.2-1)
forky: resolved (fixed in 0.99.2-1)
sid: resolved (fixed in 0.99.2-1)
trixie: resolved (fixed in 0.99.2-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-3632 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2006-3632 [CRITICAL] CVE-2006-3632 security flaw
CVE-2006-3632 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.
Bugzilla
CVE-2006-3627 Mulitple security issues (CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632)
bugzilla·2006-07-18·CVSS 5.0
CVE-2006-3627 [MEDIUM] CVE-2006-3627 Mulitple security issues (CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632)
CVE-2006-3627 Mulitple security issues (CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632)
From http://www.wireshark.org/security/wnpa-sec-2006-01.html
Name: Multiple problems in Ethereal® versions 0.8.14 to 0.10.10
Docid: wnpa-sec-2006-01
Date: July 17, 2006
Versions affected: 0.8.16 up to and including 0.99.0
Details
Description
Wireshark 0.99.2 fixes the following vulnerabilities:
* The GSM BSSMAP dissector could crash. Versions affected: 0.10.11. CVE:
CVE-2006-3627
Ilja van Sprundel discovered the following vulnerabilities:
* The ANSI MAP dissector was vulnerable to a format string overflow.
Versions affected: 0.10.0. CVE: CVE-2006-3628
* The Checkpoint FW-1 dissector was vulnerable to a format string overflow.
Versions affected: 0.10.10. CVE: CVE-2006-3628
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Phttp://rhn.redhat.com/errata/RHSA-2006-0602.htmlhttp://secunia.com/advisories/21078http://secunia.com/advisories/21107http://secunia.com/advisories/21121http://secunia.com/advisories/21204http://secunia.com/advisories/21249http://secunia.com/advisories/21467http://secunia.com/advisories/21488http://secunia.com/advisories/21598http://secunia.com/advisories/22089http://security.gentoo.org/glsa/glsa-200607-09.xmlhttp://securitytracker.com/id?1016532http://support.avaya.com/elmodocs2/security/ASA-2006-197.htmhttp://www.debian.org/security/2006/dsa-1127http://www.mandriva.com/security/advisories?name=MDKSA-2006:128http://www.novell.com/linux/security/advisories/2006_20_sr.htmlhttp://www.osvdb.org/27371http://www.securityfocus.com/archive/1/440576/100/0/threadedhttp://www.securityfocus.com/bid/19051http://www.vupen.com/english/advisories/2006/2850http://www.wireshark.org/security/wnpa-sec-2006-01.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/27830https://issues.rpath.com/browse/RPL-512https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9468ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Phttp://rhn.redhat.com/errata/RHSA-2006-0602.htmlhttp://secunia.com/advisories/21078http://secunia.com/advisories/21107http://secunia.com/advisories/21121http://secunia.com/advisories/21204http://secunia.com/advisories/21249http://secunia.com/advisories/21467http://secunia.com/advisories/21488http://secunia.com/advisories/21598http://secunia.com/advisories/22089http://security.gentoo.org/glsa/glsa-200607-09.xmlhttp://securitytracker.com/id?1016532http://support.avaya.com/elmodocs2/security/ASA-2006-197.htmhttp://www.debian.org/security/2006/dsa-1127http://www.mandriva.com/security/advisories?name=MDKSA-2006:128http://www.novell.com/linux/security/advisories/2006_20_sr.htmlhttp://www.osvdb.org/27371http://www.securityfocus.com/archive/1/440576/100/0/threadedhttp://www.securityfocus.com/bid/19051http://www.vupen.com/english/advisories/2006/2850http://www.wireshark.org/security/wnpa-sec-2006-01.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/27830https://issues.rpath.com/browse/RPL-512https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9468
2006-07-21
Published