CVE-2007-3389
Published 2007-06-26
Priority: P4 · 26 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 16.26% (96.5th percentile)
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wireshark | < wireshark 0.99.6pre1-1 (bookworm) | wireshark 0.99.6pre1-1 (bookworm) |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | >= 0 < 0.99.6pre1-1 | 0.99.6pre1-1 |
| wireshark | wireshark | >= 0 < 0.99.6pre1-1 | 0.99.6pre1-1 |
| wireshark | wireshark | >= 0 < 0.99.6pre1-1 | 0.99.6pre1-1 |
| wireshark | wireshark | >= 0 < 0.99.6pre1-1 | 0.99.6pre1-1 |
CVSS provenance
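| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | MEDIUM | |
| vendor_redhat | | 5.0 | MEDIUM | |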
GHSA
GHSA-fmgx-grvc-558f: Wireshark before 0
ghsa_unreviewed·2022-05-01
CVE-2007-3389 [MEDIUM] CWE-20 GHSA-fmgx-grvc-558f: Wireshark before 0
OSV
CVE-2007-3389: Wireshark before 0
osv·2007-06-26·CVSS 5.0
CVE-2007-3389 [MEDIUM] CVE-2007-3389: Wireshark before 0
Red Hat
Wireshark crashes when inspecting HTTP traffic
vendor_redhat·2007-02-22·CVSS 5.0
CVE-2007-3389 [MEDIUM] Wireshark crashes when inspecting HTTP traffic
Debian
CVE-2007-3389: wireshark - Wireshark before 0.99.6 allows remote attackers to cause a denial of service (cr...
vendor_debian·2007·CVSS 5.0
CVE-2007-3389 [MEDIUM] CVE-2007-3389: wireshark - Wireshark before 0.99.6 allows remote attackers to cause a denial of service (cr...
Scope: local
bookworm: resolved (fixed in 0.99.6pre1-1)
bullseye: resolved (fixed in 0.99.6pre1-1)
forky: resolved (fixed in 0.99.6pre1-1)
sid: resolved (fixed in 0.99.6pre1-1)
trixie: resolved (fixed in 0.99.6pre1-1)
No detection rules found.
References
- http://osvdb.org/37643
- http://secunia.com/advisories/25833
- http://secunia.com/advisories/25987
- http://secunia.com/advisories/26004
- http://secunia.com/advisories/26499
- http://secunia.com/advisories/27592
- http://secunia.com/advisories/28583
- http://security.gentoo.org/glsa/glsa-200708-12.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:145
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.redhat.com/support/errata/RHSA-2007-0709.html
- http://www.redhat.com/support/errata/RHSA-2007-0710.html
- http://www.redhat.com/support/errata/RHSA-2008-0059.html
- http://www.securityfocus.com/bid/24662
- http://www.securitytracker.com/id?1018315
- http://www.vupen.com/english/advisories/2007/2353
- http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html
- http://www.wireshark.org/security/wnpa-sec-2007-02.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35207
- https://issues.rpath.com/browse/RPL-1498
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9964