PT-2009-3242 · Wireshark · Wireshark
Babi
·
Publicado
2009-02-16
·
Atualizado
2024-05-17
·
CVE-2009-0601
CVSS v2.0
2.1
Baixa
| Vetor | AV:L/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Wireshark versions 0.99.8 through 1.0.5
Description
The issue allows local users to cause a denial of service, resulting in an application crash, by utilizing format string specifiers in the HOME environment variable. This is a format string vulnerability that affects non-Windows platforms.
Recommendations
For Wireshark versions 0.99.8 through 1.0.5, consider updating to a version outside of this range to resolve the issue. As a temporary workaround, restrict the use of format string specifiers in the HOME environment variable to minimize the risk of exploitation.
Correção
Use of Externally-Controlled Format String
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wireshark