Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4538 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

9.3CRITICALNVD

EPSS

44.5%

top 2.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJan 7

Latest updateMay 17

Description

Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.2.11-6 (bookworm)

▶Debianwireshark/wireshark< 1.2.11-6+3

▶NVDwireshark/wireshark1.4.2

Patches

Patch: bugs.wireshark.org ↗Patch: bugs.wireshark.org ↗

🔴Vulnerability Details

GHSA

GHSA-62gg-qf9h-q3jx: Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec↗2022-05-17

▶

OSV

CVE-2010-4538: Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec↗2011-01-07

▶

💥Exploits & PoCs

Exploit-DB

Wireshark - ENTTEC DMX Data RLE Buffer Overflow↗2011-01-03

▶

📋Vendor Advisories

Red Hat

Wireshark: Stack-based array index error in ENTTEC dissector (upstream bug #5539)↗2010-12-31

▶

Debian

CVE-2010-4538: wireshark - Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-ent...↗2010

▶

💬Community

Bugzilla

CVE-2010-4538 Wireshark: Stack-based array index error in ENTTEC dissector (upstream bug #5539)↗2011-01-03

▶

Bugzilla

CVE-2009-4538 kernel: e1000e frame fragment issue↗2009-12-29

▶