CVE-2008-1072

The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
wiresharkwireshark
0.6
wiresharkwireshark
0.7.9
wiresharkwireshark
0.8.16
wiresharkwireshark
0.9.10
wiresharkwireshark
0.10
wiresharkwireshark
0.10.4
wiresharkwireshark
0.10.13
wiresharkwireshark
0.99
wiresharkwireshark
0.99.1
wiresharkwireshark
0.99.2
wiresharkwireshark
0.99.3
wiresharkwireshark
0.99.4
wiresharkwireshark
0.99.5
wiresharkwireshark
0.99.6
wiresharkwireshark
0.99.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bullseye
3.4.10-0+deb11u1
fixed
etch
not-affected
sarge
not-affected
bullseye (security)
3.4.16-0+deb11u1
fixed
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
trixie
4.4.0-1
fixed
sid
4.4.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ethereal
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
feisty
dne
edgy
dne
dapper
ignored
wireshark
karmic
Fixed 0.99.8-1
released
jaunty
Fixed 0.99.8-1
released
intrepid
Fixed 0.99.8-1
released
hardy
Fixed 0.99.8-1
released
gutsy
Fixed 0.99.6rel-3ubuntu0.2
released
feisty
ignored
edgy
ignored
dapper
dne
References
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29156
http://secunia.com/advisories/29188
http://secunia.com/advisories/29223
http://secunia.com/advisories/29242
http://secunia.com/advisories/29511
http://secunia.com/advisories/29736
http://secunia.com/advisories/32091
http://security.gentoo.org/glsa/glsa-200803-32.xml
http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092
http://www.mandriva.com/security/advisories?name=MDVSA-2008:057
http://www.redhat.com/support/errata/RHSA-2008-0890.html
http://www.securityfocus.com/archive/1/488967/100/0/threaded
http://www.securityfocus.com/bid/28025
http://www.securitytracker.com/id?1019515
http://www.vupen.com/english/advisories/2008/0704
http://www.vupen.com/english/advisories/2008/2773
http://www.wireshark.org/security/wnpa-sec-2008-01.html
https://issues.rpath.com/browse/RPL-2296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10188
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29156
http://secunia.com/advisories/29188
http://secunia.com/advisories/29223
http://secunia.com/advisories/29242
http://secunia.com/advisories/29511
http://secunia.com/advisories/29736
http://secunia.com/advisories/32091
http://security.gentoo.org/glsa/glsa-200803-32.xml
http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092
http://www.mandriva.com/security/advisories?name=MDVSA-2008:057
http://www.redhat.com/support/errata/RHSA-2008-0890.html
http://www.securityfocus.com/archive/1/488967/100/0/threaded
http://www.securityfocus.com/bid/28025
http://www.securitytracker.com/id?1019515
http://www.vupen.com/english/advisories/2008/0704
http://www.vupen.com/english/advisories/2008/2773
http://www.wireshark.org/security/wnpa-sec-2008-01.html
https://issues.rpath.com/browse/RPL-2296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10188
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html