CVE-2010-2287: Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

Severity
10.0 CRITICAL (NVD)
NVD: 8.3 | OSV: 8.3
EPSS
3.0% (top 13.30%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 15
Latest update: May 17

Description

Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.

CVSS vector

AV:A/AC:L/C:C/I:C/A:C
Exploitability: 6.5 | Impact: 10.0

Affected Packages (3 packages)

debian: debian/wireshark < wireshark 1.2.10-1 (bookworm) +1
Debian: wireshark/wireshark < 1.2.10-1 +7
NVD: wireshark/wireshark, 42 versions +41

Patches

🔴 Vulnerability Details (4)

GHSA
GHSA-cxh7-25p5-8q7m: The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0 (2022-05-17)
GHSA
GHSA-wj3w-79hv-x498: Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0 (2022-05-17)
OSV
CVE-2010-2995: The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0 (2010-08-13)
OSV
CVE-2010-2287: Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0 (2010-06-15)

💥 Exploits & PoCs (1)

Exploit-DB
SoftiaCom wMailServer 1.0 - Remote Buffer Overflow (Metasploit) (2010-05-09)

📋 Vendor Advisories (4)

Red Hat
wireshark: SigComp UDVM dissector buffer overruns (2010-06-09)
Red Hat
wireshark: SigComp UDVM dissector buffer overruns (2010-06-09)
Debian
CVE-2010-2995: wireshark - The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 th... (2010)
Debian
CVE-2010-2287: wireshark - Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector ... (2010)

💬 Community (1)

Bugzilla
CVE-2010-2995 wireshark: SigComp UDVM dissector buffer overruns (2010-06-15)