CVE-2006-4333 — Wireshark vulnerability

CWE-3998 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

4.0%

top 11.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedAug 24

Latest updateMay 1

Description

The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 0.99.2-5.1 (bookworm)

▶Debianwireshark/wireshark< 0.99.2-5.1+3

▶NVDwireshark/wireshark5 versions+4

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-jhfx-pfvp-j6f3: The SSCOP dissector in Wireshark (formerly Ethereal) before 0↗2022-05-01

▶

OSV

CVE-2006-4333: The SSCOP dissector in Wireshark (formerly Ethereal) before 0↗2006-08-24

▶

📋Vendor Advisories

Red Hat

security flaw↗2006-08-23

▶

Debian

CVE-2006-4333: wireshark - The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote...↗2006

▶

💬Community

Bugzilla

CVE-2006-4333 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-4330 Wireshark security issues (CVE-2006-4331 CVE-2006-4333)↗2006-08-25

▶

Bugzilla

CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332 CVE-2006-4331)↗2006-08-25

▶