CVE-2010-2994 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

10.0CRITICALNVD

OSV8.3

EPSS

0.8%

top 26.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedAug 13

Latest updateMay 17

Description

Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.2.10-1 (bookworm)

▶Debianwireshark/wireshark< 1.2.10-1+3

▶NVDwireshark/wireshark28 versions+27

🔴Vulnerability Details

GHSA

GHSA-56g9-w9r4-jc7v: Stack-based buffer overflow in the ASN↗2022-05-17

▶

OSV

CVE-2010-2994: Stack-based buffer overflow in the ASN↗2010-08-13

▶

📋Vendor Advisories

Debian

CVE-2010-2994: wireshark - Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 thro...↗2010

▶

💬Community

Bugzilla

CVE-2010-2992 CVE-2010-2993 wireshark: 1.2.10 corrects multiple vulnerabilities↗2010-08-12

▶