CVE-2010-2286 — Infinite Loop in Wireshark

CWE-399 CWE-835 — Infinite Loop6 documents6 sources

Severity

3.3LOWNVD

EPSS

1.0%

top 22.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJun 15

Latest updateMay 17

Description

The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.2.9-1 (bookworm)

▶Debianwireshark/wireshark< 1.2.9-1+3

▶NVDwireshark/wireshark41 versions+40

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-mvxw-3948-pfh6: The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0↗2022-05-17

▶

OSV

CVE-2010-2286: The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0↗2010-06-15

▶

📋Vendor Advisories

Red Hat

wireshark: SigComp UDVM dissector infinite loop↗2010-06-09

▶

Debian

CVE-2010-2286: wireshark - The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7...↗2010

▶

💬Community

Bugzilla

CVE-2010-2286 wireshark: SigComp UDVM dissector infinite loop↗2010-06-15

▶