CVE-2008-4685 — Wireshark vulnerability

CWE-3996 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.1%

top 21.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedOct 22

Latest updateMay 14

Description

Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.0.4-1 (bookworm)

▶Debianwireshark/wireshark< 1.0.4-1+3

▶NVDwireshark/wireshark23 versions+22

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-pjjj-jx9c-m2q5: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931↗2022-05-14

▶

OSV

CVE-2008-4685: Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931↗2008-10-22

▶

📋Vendor Advisories

Red Hat

wireshark: DoS (app crash or abort) in Q.931 dissector via certain packets↗2008-09-13

▶

Debian

CVE-2008-4685: wireshark - Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q93...↗2008

▶

💬Community

Bugzilla

CVE-2008-4685 wireshark: DoS (app crash or abort) in Q.931 dissector via certain packets↗2008-10-23

▶