CVE-2010-0304 — Vulnetix

Try Vulnetix Request Demo

CVE-2010-0304 PUBLISHED KEV CVSS 7.5 HIGH

Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.

EPSS 74.71% · 98.8th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

74.71%

98.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
wireshark	wireshark	0.9.15, 1.0, 1.0.0

Timeline

Jan 29, 2010 PoC Published
Feb 3, 2010 CVE Published
Feb 11, 2010 PoC Published
Nov 24, 2010 PoC Published
May 29, 2018 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 7, 2023 EPSS Score

References

DSA-1983 vendor-advisory
http://www.wireshark.org/security/wnpa-sec-2010-02.html url
[oss-security] 20100129 Re: CVE id request: Wireshark mailing-list
http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname url
38348 third-party-advisory
38829 third-party-advisory
37985 vdb
oval:org.mitre.oval:def:9933 vdb
61987 vdb
38257 third-party-advisory
ADV-2010-0239 vdb
http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h url
1023516 vdb
MDVSA-2010:031 vendor-advisory
wireshark-lwres-bo(55951) vdb
http://www.wireshark.org/security/wnpa-sec-2010-01.html url
oval:org.mitre.oval:def:8490 vdb
FEDORA-2010-3556 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2010-0304 advisory

Open in Interactive Console →