CVE-2010-0304

Wireshark 0.9.15-1.0.10 and 1.2.0-1.2.5 - Denial of Service via Malformed LWRES Packet

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2010-0304. PoCs were published by Metasploit, babi, jduck, and redsand, including the Metasploit module exploits/multi/misc/wireshark_lwres_getaddrbyname.

AI-analyzed exploit summary: This exploit targets a stack-based buffer overflow in Wireshark's LWRES dissector (CVE-2010-0304), allowing remote code execution via a malformed UDP packet. It includes multiple targets for different platforms and versions, leveraging techniques like SEH bypass and GOT overwrites.

Description

Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/16292

This exploit targets a stack-based buffer overflow in Wireshark's LWRES dissector (CVE-2010-0304), allowing remote code execution via a malformed UDP packet. It includes multiple targets for different platforms and versions, leveraging techniques like SEH bypass and GOT overwrites.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5
No auth needed
Prerequisites: Network access to target · Vulnerable Wireshark version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/16289

This Metasploit module exploits a stack-based buffer overflow in Wireshark's LWRES dissector (CVE-2010-0304) via a malformed UDP packet. It includes multiple targets for different platforms and versions, leveraging techniques like SEH bypass and GOT overwrites.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5
No auth needed
Prerequisites: Network access to target · Target must process malformed LWRES packet
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by babi · python · dos · multiple
https://www.exploit-db.com/exploits/11288

This exploit targets a stack-based buffer overflow in Wireshark 1.2.5's LWRES getaddrbyname function via a maliciously crafted UDP packet. It demonstrates control over EIP on Debian 5.0.3 by sending a payload with a length of 380 bytes.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Wireshark 1.2.5
No auth needed
Prerequisites: Network access to the target host · Wireshark 1.2.5 running on Debian 5.0.3
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by babi, jduck, redsand · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb

This Metasploit module exploits a stack-based buffer overflow in Wireshark's LWRES dissector (CVE-2010-0304) via a malformed UDP packet. It includes multiple targets for different platforms and employs techniques like SEH bypass and GOT overwrites.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5
No auth needed
Prerequisites: Network access to target · Wireshark/tshark running with vulnerable version
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by babi, jduck, redsand · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb

This Metasploit module exploits a stack-based buffer overflow in Wireshark's LWRES dissector (CVE-2010-0304) via a malformed UDP packet. It includes multiple targets for different platforms and uses techniques like SEH bypass for Windows and GOT overwrites for Linux.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5
No auth needed
Prerequisites: Network access to target · Wireshark/tshark with vulnerable LWRES dissector
devstral-2 · analyzed Feb 16, 2026

References (18)

Core References
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/security/wnpa-sec-2010-02.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37985
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0239
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:031
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55951
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-1983
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/01/29/4
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38348
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38829
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9933
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/61987
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38257
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023516
Various Sources x_refsource_confirm
http://www.wireshark.org/security/wnpa-sec-2010-01.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8490
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html

Scores

EPSS 0.7349
EPSS Percentile 99.4%

Details

CWE: CWE-119
Status: published
Products (20)
wireshark/wireshark 0.9.15
wireshark/wireshark 1.0
wireshark/wireshark 1.0.0
wireshark/wireshark 1.0.1
wireshark/wireshark 1.0.2
wireshark/wireshark 1.0.3
wireshark/wireshark 1.0.4
wireshark/wireshark 1.0.5
wireshark/wireshark 1.0.6
wireshark/wireshark 1.0.7
... and 10 more
Published Feb 03, 2010
Tracked Since Feb 18, 2026