CVE-2010-2285 — NULL Pointer Dereference in Wireshark

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

3.3LOWNVD

EPSS

0.5%

top 34.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJun 15

Latest updateMay 17

Description

The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.2.9-1 (bookworm)

▶Debianwireshark/wireshark< 1.2.9-1+3

▶NVDwireshark/wireshark35 versions+34

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-6fxr-gg36-rpjr: The SMB PIPE dissector in Wireshark 0↗2022-05-17

▶

OSV

CVE-2010-2285: The SMB PIPE dissector in Wireshark 0↗2010-06-15

▶

📋Vendor Advisories

Red Hat

wireshark: SMB PIPE dissector NULL pointer dereference↗2010-06-09

▶

Debian

CVE-2010-2285: wireshark - The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2....↗2010

▶

💬Community

Bugzilla

CVE-2010-2285 wireshark: SMB PIPE dissector NULL pointer dereference↗2010-06-15

▶