CVE-2008-4685

Wireshark 0.10.3-1.0.3 - Use-After-Free in Q.931 Dissector

Title source: llm

Description

Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.

References (15)

Core 15

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/499154/100/0/threaded

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32355

Third Party Advisory x_refsource_confirm

http://wiki.rpath.com/Advisories:rPSA-2008-0336

Various Sources x_refsource_confirm

http://www.wireshark.org/security/wnpa-sec-2008-06.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34144

Issue Tracking x_refsource_confirm

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2870

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31838

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32944

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2009-0313.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2872

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:215

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1021069

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1673

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10788

Scores

EPSS 0.0110

EPSS Percentile 78.3%

Details

CWE

CWE-399

Status published

Products (23)

wireshark/wireshark 0.10.3

wireshark/wireshark 0.10.4

wireshark/wireshark 0.10.5

wireshark/wireshark 0.10.6

wireshark/wireshark 0.10.7

wireshark/wireshark 0.10.8

wireshark/wireshark 0.10.9

wireshark/wireshark 0.99

wireshark/wireshark 0.99.0

wireshark/wireshark 0.99.1

... and 13 more

Published Oct 22, 2008

Tracked Since Feb 18, 2026