CVE-2008-4682

Wireshark 0.99.7-1.0.3 - Denial of Service via Malformed Tamos CommView Capture File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4682. PoCs published by Shinnok.

AI-analyzed exploit summary This exploit triggers a denial of service in Wireshark 1.0.x by providing a malformed Tamosoft CommView .ncf packet capture file, causing an assertion failure in the wtap_read function. The PoC includes a link to the malicious .ncf file.

Description

wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Shinnok · textdosmultiple

https://www.exploit-db.com/exploits/6622

View Code ZIP pw:eip

This exploit triggers a denial of service in Wireshark 1.0.x by providing a malformed Tamosoft CommView .ncf packet capture file, causing an assertion failure in the wtap_read function. The PoC includes a link to the malicious .ncf file.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Wireshark 1.0.x

No auth needed

Prerequisites: Access to the target system to load the malformed .ncf file

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/499154/100/0/threaded

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32355

Third Party Advisory x_refsource_confirm

http://wiki.rpath.com/Advisories:rPSA-2008-0336

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14705

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4462

Various Sources x_refsource_misc

http://shinnok.evonet.ro/vulns_html/wireshark.html

Vendor Advisory x_refsource_confirm

http://www.wireshark.org/security/wnpa-sec-2008-06.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34144

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31838

Issue Tracking x_refsource_confirm

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2926

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10955

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2009-0313.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2872

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:215

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1021069

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6622

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31468

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/45505

Scores

EPSS 0.0929

EPSS Percentile 94.7%

Details

CWE

CWE-20

Status published

Products (7)

wireshark/wireshark 0.99.7

wireshark/wireshark 0.99.8

wireshark/wireshark 1.0

wireshark/wireshark 1.0.0

wireshark/wireshark 1.0.1

wireshark/wireshark 1.0.2

wireshark/wireshark 1.0.3

Published Oct 22, 2008

Tracked Since Feb 18, 2026