CVE-2008-3146 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

10.0CRITICALNVD

EPSS

1.8%

top 17.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedSep 2

Latest updateMay 1

Description

Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.0.3-1 (bookworm)

▶Debianwireshark/wireshark< 1.0.3-1+3

▶NVDwireshark/wireshark17 versions+16

🔴Vulnerability Details

GHSA

GHSA-4hp9-6953-26vh: Multiple buffer overflows in packet_ncp2222↗2022-05-01

▶

OSV

CVE-2008-3146: Multiple buffer overflows in packet_ncp2222↗2008-09-02

▶

📋Vendor Advisories

Red Hat

wireshark: multiple buffer overflows in NCP dissector↗2008-09-03

▶

Debian

CVE-2008-3146: wireshark - Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal)...↗2008

▶

💬Community

Bugzilla

CVE-2008-3146 wireshark: multiple buffer overflows in NCP dissector↗2008-09-05

▶