CVE-2006-3628

Published: Jul 21, 2006Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.

Affected (23)

Products: Ethereal Group: Ethereal · Wireshark: Wireshark

1 product

1 product

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Ethereal Group Ethereal	Version 0.10.0
Ethereal Group Ethereal	Version 0.10.0a
Ethereal Group Ethereal	Version 0.10.10
Ethereal Group Ethereal	Version 0.10.11
Ethereal Group Ethereal	Version 0.10.12
Ethereal Group Ethereal	Version 0.10.13
Ethereal Group Ethereal	Version 0.10.14
Ethereal Group Ethereal	Version 0.10.1
Ethereal Group Ethereal	Version 0.10.2
Ethereal Group Ethereal	Version 0.10.3
Ethereal Group Ethereal	Version 0.10.4
Ethereal Group Ethereal	Version 0.10.5
Ethereal Group Ethereal	Version 0.10.6
Ethereal Group Ethereal	Version 0.10.7
Ethereal Group Ethereal	Version 0.10.8
Ethereal Group Ethereal	Version 0.10.9
Ethereal Group Ethereal	Version 0.10
Ethereal Group Ethereal	Version 0.99.0
Wireshark Wireshark	Version 0.10.13
Wireshark Wireshark	Version 0.10.4
Wireshark Wireshark	Version 0.10
Wireshark Wireshark	Version 0.99.1
Wireshark Wireshark	Version 0.99

Related CWEs

CWE-134

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (64)

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P (unsafe URL)

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2006-0602.html

Source: secalert@redhat.com

http://secunia.com/advisories/21078

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/21107

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/21121

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/21204

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/21249

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/21467

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/21488

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/21598

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/22089

Source: secalert@redhat.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200607-09.xml

Source: secalert@redhat.com

http://securitytracker.com/id?1016532

Source: secalert@redhat.com

http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm

Source: secalert@redhat.com

http://www.debian.org/security/2006/dsa-1127

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDKSA-2006:128

Source: secalert@redhat.com

http://www.novell.com/linux/security/advisories/2006_20_sr.html

Source: secalert@redhat.com

http://www.osvdb.org/27362

Source: secalert@redhat.com

http://www.osvdb.org/27363

Source: secalert@redhat.com

http://www.osvdb.org/27364

Source: secalert@redhat.com

http://www.osvdb.org/27369

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/440576/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/19051

Source: secalert@redhat.com

Patch

http://www.vupen.com/english/advisories/2006/2850

Source: secalert@redhat.com

Vendor Advisory

http://www.wireshark.org/security/wnpa-sec-2006-01.html

Source: secalert@redhat.com

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/27822

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/27823

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/27824

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/27825

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/27828

Source: secalert@redhat.com

https://issues.rpath.com/browse/RPL-512

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9175

Source: secalert@redhat.com

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P (unsafe URL)