RedhatCVE-2010-3445

HistoryNov 26, 2010 - 7:00 p.m.

CVE-2010-3445

2010-11-2619:00:07

CWE-399

redhat

web.nvd.nist.gov

cve-2010-3445

stack consumption

vulnerability

dissect_ber_unknown

epan

packet-ber.c

wireshark

nvd

security

asn.1

ber

snmp

remote attackers

denial of service

null pointer dereference

crash

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.006

Percentile

79.0%

JSON

Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

Affected configurations

Nvd

Node

wiresharkwiresharkMatch1.2.0

wiresharkwiresharkMatch1.2.1

wiresharkwiresharkMatch1.2.2

wiresharkwiresharkMatch1.2.3

wiresharkwiresharkMatch1.2.4

wiresharkwiresharkMatch1.2.5

wiresharkwiresharkMatch1.2.6

wiresharkwiresharkMatch1.2.7

wiresharkwiresharkMatch1.2.8

wiresharkwiresharkMatch1.2.9

wiresharkwiresharkMatch1.2.10

wiresharkwiresharkMatch1.2.11

wiresharkwiresharkMatch1.4.0

VendorProductVersionCPE
wiresharkwireshark1.2.0cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*
wiresharkwireshark1.2.1cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*
wiresharkwireshark1.2.2cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*
wiresharkwireshark1.2.3cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*
wiresharkwireshark1.2.4cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*
wiresharkwireshark1.2.5cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*
wiresharkwireshark1.2.6cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*
wiresharkwireshark1.2.7cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*
wiresharkwireshark1.2.8cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*
wiresharkwireshark1.2.9cpe:2.3:a:wireshark:wireshark:1.2.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wireshark	wireshark	1.2.0	cpe:2.3:a:wireshark:wireshark:1.2.0:::::::*
wireshark	wireshark	1.2.1	cpe:2.3:a:wireshark:wireshark:1.2.1:::::::*
wireshark	wireshark	1.2.2	cpe:2.3:a:wireshark:wireshark:1.2.2:::::::*
wireshark	wireshark	1.2.3	cpe:2.3:a:wireshark:wireshark:1.2.3:::::::*
wireshark	wireshark	1.2.4	cpe:2.3:a:wireshark:wireshark:1.2.4:::::::*
wireshark	wireshark	1.2.5	cpe:2.3:a:wireshark:wireshark:1.2.5:::::::*
wireshark	wireshark	1.2.6	cpe:2.3:a:wireshark:wireshark:1.2.6:::::::*
wireshark	wireshark	1.2.7	cpe:2.3:a:wireshark:wireshark:1.2.7:::::::*
wireshark	wireshark	1.2.8	cpe:2.3:a:wireshark:wireshark:1.2.8:::::::*
wireshark	wireshark	1.2.9	cpe:2.3:a:wireshark:wireshark:1.2.9:::::::*