CVE-2007-6111
Published: 2007-11-23
Priority: P4 · 20 · high · 7.1 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS: 1.93% (77.5th percentile)
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.
Affected
79 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wireshark | < wireshark 0.99.7~pre1-1 (bookworm) | wireshark 0.99.7~pre1-1 (bookworm) |
| debian | wireshark | < wireshark 0.99.7-1 (bookworm) | wireshark 0.99.7-1 (bookworm) |
| ethereal_group | ethereal | — | — |
CVSS provenance
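| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| osv | — | 7.1 | HIGH | — |
| vendor_debian | — | 7.1 | HIGH | — |
| vendor_redhat | — | 7.1 | HIGH | — |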
GHSA
GHSA-g84g-mfq4-3j25: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP
ghsa_unreviewed·2022-05-01
CVE-2007-6111 [HIGH] GHSA-g84g-mfq4-3j25: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.
GHSA
GHSA-rxc8-cm3m-q86x: Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0
ghsa_unreviewed·2022-05-01·CVSS 7.1
CVE-2007-6438 [HIGH] CWE-119 GHSA-rxc8-cm3m-q86x: Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
OSV
CVE-2007-6438: Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0
osv·2007-12-19·CVSS 7.1
CVE-2007-6438 [HIGH] CVE-2007-6438: Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
OSV
CVE-2007-6111: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP
osv·2007-11-23·CVSS 7.1
CVE-2007-6111 [HIGH] CVE-2007-6111: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.
Red Hat
wireshark SMB dissector crash
vendor_redhat·2007-12-18·CVSS 7.1
CVE-2007-6438 [HIGH] wireshark SMB dissector crash
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
Red Hat
wireshark mp3 and ncp flaws
vendor_redhat·2007-11-22·CVSS 7.1
CVE-2007-6111 [HIGH] wireshark mp3 and ncp flaws
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.
Debian
CVE-2007-6111: wireshark - Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remo...
vendor_debian·2007·CVSS 7.1
CVE-2007-6111 [HIGH] CVE-2007-6111: wireshark - Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remo...
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.
Scope: local
bookworm: resolved (fixed in 0.99.7~pre1-1)
bullseye: resolved (fixed in 0.99.7~pre1-1)
forky: resolved (fixed in 0.99.7~pre1-1)
sid: resolved (fixed in 0.99.7~pre1-1)
trixie: resolved (fixed in 0.99.7~pre1-1)
Debian
CVE-2007-6438: wireshark - Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) ...
vendor_debian·2007·CVSS 7.1
CVE-2007-6438 [HIGH] CVE-2007-6438: wireshark - Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) ...
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
Scope: local
bookworm: resolved (fixed in 0.99.7-1)
bullseye: resolved (fixed in 0.99.7-1)
forky: resolved (fixed in 0.99.7-1)
sid: resolved (fixed in 0.99.7-1)
trixie: resolved (fixed in 0.99.7-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-6438 wireshark SMB dissector crash
bugzilla·2008-01-02·CVSS 7.1
CVE-2007-6438 [HIGH] CVE-2007-6438 wireshark SMB dissector crash
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6438 to the following vulnerability:
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
References:
http://www.wireshark.org/security/wnpa-sec-2007-03.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
Bugzilla
CVE-2007-6111 wireshark mp3 and ncp flaws
bugzilla·2007-11-23·CVSS 7.1
CVE-2007-6111 [HIGH] CVE-2007-6111 wireshark mp3 and ncp flaws
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6111 to the following vulnerability:
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal)
allow remote attackers to cause a denial of service (crash) via (1) a
crafted MP3 file or (2) unspecified vectors to the NCP dissector.
Discussion:
wireshark-0.99.7-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-0.99.7-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0058.html
Fedora:
https://admin.fe
References
http://bugs.gentoo.org/show_bug.cgi?id=199958
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
http://secunia.com/advisories/27777
http://secunia.com/advisories/28197
http://secunia.com/advisories/28207
http://secunia.com/advisories/28288
http://secunia.com/advisories/28304
http://secunia.com/advisories/28325
http://secunia.com/advisories/28564
http://secunia.com/advisories/29048
http://security.gentoo.org/glsa/glsa-200712-23.xml
http://securitytracker.com/id?1018988
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
http://www.mandriva.com/security/advisories?name=MDVSA-2008:001
http://www.mandriva.com/security/advisories?name=MDVSA-2008:1
http://www.redhat.com/support/errata/RHSA-2008-0058.html
http://www.securityfocus.com/archive/1/485792/100/0/threaded
http://www.securityfocus.com/bid/26532
http://www.vupen.com/english/advisories/2007/3956
http://www.wireshark.org/security/wnpa-sec-2007-03.html
https://issues.rpath.com/browse/RPL-1975
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9048
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html