Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0304Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents8 sources
Severity
7.5HIGHNVD
EPSS
74.7%
top 1.13%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WiresharkDebian Wireshark
Timeline
PublishedFeb 3
Latest updateMay 2

Description

Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/wireshark< wireshark 1.2.6-1 (bookworm)
Debianwireshark/wireshark< 1.2.6-1+3
NVDwireshark/wireshark20 versions+19

Patches

Patch: www.vupen.comPatch: www.vupen.com

🔴Vulnerability Details

2
GHSA
GHSA-jpr3-gg36-wv7f: Multiple buffer overflows in the LWRES dissector in Wireshark 02022-05-02
OSV
CVE-2010-0304: Multiple buffer overflows in the LWRES dissector in Wireshark 02010-02-03

💥Exploits & PoCs

5
Exploit-DB
Wireshark - LWRES Dissector getaddrsbyname_request Buffer Overflow (Loop) (Metasploit)2010-11-24
Exploit-DB
Wireshark - LWRES Dissector getaddrsbyname_request Buffer Overflow (Metasploit)2010-02-11
Exploit-DB
Wireshark 1.2.5 - 'LWRES getaddrbyname' Stack Buffer Overflow (PoC)2010-01-29
Metasploit
Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow
Metasploit
Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow (loop)

📋Vendor Advisories

2
Red Hat
wireshark: crash in LWRES dissector2010-01-27
Debian
CVE-2010-0304: wireshark - Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0...2010

💬Community

1
Bugzilla
CVE-2010-0304 wireshark: crash in LWRES dissector2010-01-29