PT-2008-5896 · Wireshark+1 · Wireshark+1

Florent Drouin

Published

2008-10-22

Updated

2018-10-11

CVE-2008-4683

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Wireshark versions 0.99.2 through 1.0.3

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash or abort, by sending a packet with an invalid length. This is related to an erroneous tvb memcpy call in the dissect btacl function within the Bluetooth ACL dissector.

Recommendations For Wireshark versions 0.99.2 through 1.0.3, consider updating to a version where this issue is fixed, as using a packet with an invalid length could cause the application to crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2008-4683

DSA-1673-1

RHSA-2009:0313

RHSA-2009_0313

Affected Products

Red Hat

Wireshark

PT-2008-5896 · Wireshark+1 · Wireshark+1

CVE-2008-4683

Weakness Enumeration

Related Identifiers

Affected Products

References · 34