CVE-2010-2284 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources

Severity

10.0CRITICALNVD

NVD8.3OSV8.3

EPSS

3.0%

top 13.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJun 15

Latest updateMay 17

Description

Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.2.9-1 (bookworm)+1

▶Debianwireshark/wireshark< 1.2.10-1+7

▶NVDwireshark/wireshark37 versions+36

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-5x4j-j8vc-crqg: Buffer overflow in the ASN↗2022-05-17

▶

GHSA

GHSA-56g9-w9r4-jc7v: Stack-based buffer overflow in the ASN↗2022-05-17

▶

OSV

CVE-2010-2994: Stack-based buffer overflow in the ASN↗2010-08-13

▶

OSV

CVE-2010-2284: Buffer overflow in the ASN↗2010-06-15

▶

📋Vendor Advisories

Red Hat

wireshark: ASN.1 BER dissector stack overrun↗2010-06-09

▶

Debian

CVE-2010-2284: wireshark - Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 a...↗2010

▶

Debian

CVE-2010-2994: wireshark - Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 thro...↗2010

▶

💬Community

Bugzilla

CVE-2010-2284 wireshark: ASN.1 BER dissector stack overrun↗2010-06-15

▶