CVE-2008-3933

Published: Sep 4, 2008Modified: Apr 23, 2026

3.3

Vector

AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 6.5 / Impact: 2.9

Source: NVD

Description

Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.

Affected (22)

Products: Wireshark: Wireshark

1 product

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 0.10.14
Wireshark Wireshark	Version 0.10.2
Wireshark Wireshark	Version 0.10.3
Wireshark Wireshark	Version 0.10.4
Wireshark Wireshark	Version 0.10.5
Wireshark Wireshark	Version 0.10.6
Wireshark Wireshark	Version 0.10.7
Wireshark Wireshark	Version 0.10.8
Wireshark Wireshark	Version 0.10.9
Wireshark Wireshark	Version 0.99.0
Wireshark Wireshark	Version 0.99.1
Wireshark Wireshark	Version 0.99.2
Wireshark Wireshark	Version 0.99.3
Wireshark Wireshark	Version 0.99.4
Wireshark Wireshark	Version 0.99.5
Wireshark Wireshark	Version 0.99.6
Wireshark Wireshark	Version 0.99.6a
Wireshark Wireshark	Version 0.99.7
Wireshark Wireshark	Version 0.99.8
Wireshark Wireshark	Version 1.0.0
Wireshark Wireshark	Version 1.0.1
Wireshark Wireshark	Version 1.0.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (42)

http://secunia.com/advisories/31864

Source: secalert@redhat.com

http://secunia.com/advisories/31886

Source: secalert@redhat.com

http://secunia.com/advisories/32028

Source: secalert@redhat.com

http://secunia.com/advisories/32091

Source: secalert@redhat.com

http://secunia.com/advisories/32944

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-200809-17.xml

Source: secalert@redhat.com

http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm

Source: secalert@redhat.com

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278

Source: secalert@redhat.com

http://www.debian.org/security/2008/dsa-1673

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2008:199

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0890.html

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/496487/100/0/threaded

Source: secalert@redhat.com

http://www.securitytracker.com/id?1020819

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/2493

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2008/2773

Source: secalert@redhat.com

http://www.wireshark.org/security/wnpa-sec-2008-05.html

Source: secalert@redhat.com

Patch

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2649

Source: secalert@redhat.com

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2682

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9620

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00713.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00715.html

Source: secalert@redhat.com

http://secunia.com/advisories/31864

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31886

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32028

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32091

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32944

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200809-17.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1673

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2008:199

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2008-0890.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/496487/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020819

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2493

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2773

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2008-05.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2649

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2682

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9620

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00713.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00715.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.