cbcvebase.
CVE-2008-1562
published 2008-03-31

CVE-2008-1562: The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a…

PriorityP433medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
50.69%
98.8th percentile
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.

Affected

8 ranges
VendorProductVersion rangeFixed in
debianwireshark
wiresharkwireshark
wiresharkwireshark
wiresharkwireshark
wiresharkwireshark
wiresharkwireshark
wiresharkwireshark
wiresharkwireshark

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31553.pcap
  • Malformed LDAP packets targeting Wireshark versions 0.99.2 through 0.99.8 can be used to crash the LDAP dissector; monitor for anomalous/malformed LDAP traffic directed at hosts running vulnerable Wireshark versions.
  • A Metasploit auxiliary module exists for this DoS: modules/auxiliary/dos/wireshark/ldap.rb — presence of this module in use on the network indicates active exploitation attempts.
  • A proof-of-concept PCAP file (31553.pcap) is publicly available and can be used as a signature source for network-based detection of exploit attempts.
  • ·Vulnerability affects Wireshark versions 0.99.2 through 0.99.8 (inclusive); versions outside this range are not affected by this specific CVE.
  • ·This is a distinct vulnerability from CVE-2006-5740, which also affected the Wireshark LDAP dissector; ensure both are tracked separately.
  • ·Arbitrary code execution has not been confirmed; the primary confirmed impact is application crash/denial of service.

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.