CVE-2009-0601

Published: Feb 16, 2009Modified: Apr 23, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.

Affected (7)

Products: Wireshark: Wireshark

1 product

Configuration A

7 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 0.99.8
Wireshark Wireshark	Version 1.0.0
Wireshark Wireshark	Version 1.0.1
Wireshark Wireshark	Version 1.0.2
Wireshark Wireshark	Version 1.0.3
Wireshark Wireshark	Version 1.0.4
Wireshark Wireshark	Version 1.0.5

Running on/with	Platform Versions
Apple Mac Os X	All versions
Freebsd Freebsd	All versions
Linux Linux Kernel	All versions
Netbsd Netbsd	All versions
Sun Solaris	All versions

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (20)

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://secunia.com/advisories/34264

Source: cve@mitre.org

Broken Link

http://wiki.rpath.com/Advisories:rPSA-2009-0040

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/archive/1/501763/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/33690

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1021697

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2009/0370

Source: cve@mitre.org

Third Party Advisory

http://www.wireshark.org/security/wnpa-sec-2009-01.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://issues.rpath.com/browse/RPL-2984

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://secunia.com/advisories/34264

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://wiki.rpath.com/Advisories:rPSA-2009-0040

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/archive/1/501763/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/33690

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1021697

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2009/0370

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.wireshark.org/security/wnpa-sec-2009-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://issues.rpath.com/browse/RPL-2984

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.