CVE-2010-3445 — Wireshark vulnerability

CWE-3997 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.5%

top 19.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedNov 26

Latest updateMay 17

Description

Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.2.11-3 (bookworm)

▶Debianwireshark/wireshark< 1.2.11-3+3

▶NVDwireshark/wireshark13 versions+12

🔴Vulnerability Details

GHSA

GHSA-27pv-p83w-4xp4: Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber↗2022-05-17

▶

OSV

CVE-2010-3445: Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber↗2010-11-26

▶

📋Vendor Advisories

Red Hat

wireshark: stack overflow in BER dissector↗2010-09-13

▶

Debian

CVE-2010-3445: wireshark - Stack consumption vulnerability in the dissect_ber_unknown function in epan/diss...↗2010

▶

💬Community

Bugzilla

CVE-2011-0538 CVE-2010-3445 CVE-2011-1143 CVE-2011-1140 CVE-2011-1138 CVE-2011-1139 wireshark various flaws [fedora-all]↗2011-02-11

▶

Bugzilla

CVE-2010-3445 wireshark: stack overflow in BER dissector↗2010-10-01

▶