CVE-2009-0601 — Use of Externally-Controlled Format String in Wireshark

CWE-134 — Use of Externally-Controlled Format String6 documents6 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 87.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedFeb 16

Latest updateMay 2

Description

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.0.6-1 (bookworm)

▶Debianwireshark/wireshark< 1.0.6-1+3

▶NVDwireshark/wireshark7 versions+6

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-43gp-2vcj-4vxj: Format string vulnerability in Wireshark 0↗2022-05-02

▶

OSV

CVE-2009-0601: Format string vulnerability in Wireshark 0↗2009-02-16

▶

📋Vendor Advisories

Red Hat

wireshark: denial of service (application crash) via format string specifiers in the HOME environment variable.↗2009-02-06

▶

Debian

CVE-2009-0601: wireshark - Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows pla...↗2009

▶

💬Community

Bugzilla

CVE-2009-0601 wireshark: denial of service (application crash) via format string specifiers in the HOME environment variable.↗2009-02-17

▶