CVE-2006-4574 — Off-by-one Error in Wireshark

CWE-193 — Off-by-one Error CWE-617 — Reachable Assertion10 documents7 sources

Severity

7.5HIGHNVD

EPSS

6.8%

top 8.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedOct 28

Latest updateMay 3

Description

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 0.99.4-1 (bookworm)

▶Debianwireshark/wireshark< 0.99.4-1+3

▶NVDwireshark/wireshark0.10.1 — 0.99.3

🔴Vulnerability Details

GHSA

GHSA-cjqf-4m3m-v7rh: Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0↗2022-05-03

▶

OSV

CVE-2006-4574: Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0↗2006-10-28

▶

📋Vendor Advisories

Red Hat

security flaw↗2006-10-30

▶

Debian

CVE-2006-4574: wireshark - Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal...↗2006

▶

📐Framework References

CWE

Reachable Assertion↗

▶

CWE

Off-by-one Error↗

▶

💬Community

Bugzilla

CVE-2006-4574 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-4574 Multiple Wireshark issues (CVE-2006-4805, CVE-2006-5468, CVE-2006-5469, CVE-2006-5740)↗2006-10-24

▶

Bugzilla

CVE-2006-1932 Multiple ethereal issues (CVE-2006-1933, CVE-2006-1934, CVE-2006-1935, CVE-2006-1936, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940, VE-2006-4805, CVE-2006-5468, CVE-2006-54↗2006-05-12

▶