CVE-2009-4377

Published: Dec 21, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.

Affected (36)

Products: Wireshark: Wireshark

1 product

Configuration A

36 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 0.9.10
Wireshark Wireshark	Version 0.9.14
Wireshark Wireshark	Version 0.9.2
Wireshark Wireshark	Version 0.9.5
Wireshark Wireshark	Version 0.9.6
Wireshark Wireshark	Version 0.9.7
Wireshark Wireshark	Version 0.9.8
Wireshark Wireshark	Version 0.99.0
Wireshark Wireshark	Version 0.99.1
Wireshark Wireshark	Version 0.99.2
Wireshark Wireshark	Version 0.99.3
Wireshark Wireshark	Version 0.99.4
Wireshark Wireshark	Version 0.99.5
Wireshark Wireshark	Version 0.99.6
Wireshark Wireshark	Version 0.99.6a
Wireshark Wireshark	Version 0.99.7
Wireshark Wireshark	Version 0.99.8
Wireshark Wireshark	Version 0.99.9
Wireshark Wireshark	Version 0.99
Wireshark Wireshark	Version 1.0.0
Wireshark Wireshark	Version 1.0.1
Wireshark Wireshark	Version 1.0.2
Wireshark Wireshark	Version 1.0.3
Wireshark Wireshark	Version 1.0.4
Wireshark Wireshark	Version 1.0.5
Wireshark Wireshark	Version 1.0.6
Wireshark Wireshark	Version 1.0.7
Wireshark Wireshark	Version 1.0.8
Wireshark Wireshark	Version 1.0.9
Wireshark Wireshark	Version 1.0
Wireshark Wireshark	Version 1.2.0
Wireshark Wireshark	Version 1.2.1
Wireshark Wireshark	Version 1.2.2
Wireshark Wireshark	Version 1.2.3
Wireshark Wireshark	Version 1.2.4
Wireshark Wireshark	Version 1.2

References (24)

http://osvdb.org/61178

Source: cve@mitre.org

http://secunia.com/advisories/37842

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/37916

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1983

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2010:031

Source: cve@mitre.org

http://www.securityfocus.com/bid/37407

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1023374

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/3596

Source: cve@mitre.org

Vendor Advisory

http://www.wireshark.org/security/wnpa-sec-2009-09.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301

Source: cve@mitre.org

Exploit

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9564

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html

Source: cve@mitre.org

http://osvdb.org/61178

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37842

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/37916

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1983

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:031

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/37407

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1023374

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/3596

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.wireshark.org/security/wnpa-sec-2009-09.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9564

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.