CVE-2008-5285Infinite Loop in Wireshark

CWE-399CWE-835Infinite LoopCWE-20Improper Input Validation7 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
2.4%
top 14.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WiresharkDebian Wireshark
Timeline
PublishedDec 1
Latest updateMay 14

Description

Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/wireshark< wireshark 1.0.5-1 (bookworm)
Debianwireshark/wireshark< 1.0.5-1+3
NVDwireshark/wireshark1.0.4+40

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-q24w-77p5-v6q8: Wireshark 12022-05-14
OSV
CVE-2008-5285: Wireshark 12008-12-01

📋Vendor Advisories

2
Red Hat
wireshark: DoS (infinite loop) in SMTP dissector via large SMTP request2008-11-22
Debian
CVE-2008-5285: wireshark - Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service...2008

📐Framework References

1
CWE
Improper Input Validation

💬Community

1
Bugzilla
CVE-2008-5285 wireshark: DoS (infinite loop) in SMTP dissector via large SMTP request2008-11-24