Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1562Improper Input Validation in Wireshark

CWE-20Improper Input Validation8 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
48.8%
top 2.23%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WiresharkDebian Wireshark
Timeline
PublishedMar 31
Latest updateMay 1

Description

The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDwireshark/wireshark7 versions+6

🔴Vulnerability Details

1
GHSA
GHSA-wg7h-v77w-f95g: The LDAP dissector in Wireshark (formerly Ethereal) 02022-05-01

💥Exploits & PoCs

2
Exploit-DB
Wireshark 0.99.8 - LDAP Dissector Denial of Service2008-03-28
Metasploit
Wireshark LDAP Dissector DOS

📋Vendor Advisories

2
Red Hat
wireshark: crash in LDAP dissector2008-03-28
Debian
CVE-2008-1562: wireshark - The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows...2008

💬Community

2
Bugzilla
CVE-2008-1562 wireshark: crash in LDAP dissector2008-04-01
Bugzilla
CVE-2008-0983 lighttpd crashes when it's low on file descriptors2008-02-22