CVE-2008-1072

EUVD-2008-1083
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:N/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
wiresharkwireshark
0.6
wiresharkwireshark
0.7.9
wiresharkwireshark
0.8.16
wiresharkwireshark
0.9.10
wiresharkwireshark
0.10
wiresharkwireshark
0.10.4
wiresharkwireshark
0.10.13
wiresharkwireshark
0.99
wiresharkwireshark
0.99.1
wiresharkwireshark
0.99.2
wiresharkwireshark
0.99.3
wiresharkwireshark
0.99.4
wiresharkwireshark
0.99.5
wiresharkwireshark
0.99.6
wiresharkwireshark
0.99.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
bullseye
3.4.10-0+deb11u1
fixed
bullseye (security)
3.4.16-0+deb11u1
fixed
etch
not-affected
sarge
not-affected
sid
4.4.1-1
fixed
trixie
4.4.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ethereal
dapper
ignored
edgy
dne
feisty
dne
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
wireshark
dapper
dne
edgy
ignored
feisty
ignored
gutsy
Fixed 0.99.6rel-3ubuntu0.2
released
hardy
Fixed 0.99.8-1
released
intrepid
Fixed 0.99.8-1
released
jaunty
Fixed 0.99.8-1
released
karmic
Fixed 0.99.8-1
released
References
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29156
http://secunia.com/advisories/29188
http://secunia.com/advisories/29223
http://secunia.com/advisories/29242
http://secunia.com/advisories/29511
http://secunia.com/advisories/29736
http://secunia.com/advisories/32091
http://security.gentoo.org/glsa/glsa-200803-32.xml
http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092
http://www.mandriva.com/security/advisories?name=MDVSA-2008:057
http://www.redhat.com/support/errata/RHSA-2008-0890.html
http://www.securityfocus.com/archive/1/488967/100/0/threaded
http://www.securityfocus.com/bid/28025
http://www.securitytracker.com/id?1019515
http://www.vupen.com/english/advisories/2008/0704
http://www.vupen.com/english/advisories/2008/2773
http://www.wireshark.org/security/wnpa-sec-2008-01.html
https://issues.rpath.com/browse/RPL-2296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10188
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29156
http://secunia.com/advisories/29188
http://secunia.com/advisories/29223
http://secunia.com/advisories/29242
http://secunia.com/advisories/29511
http://secunia.com/advisories/29736
http://secunia.com/advisories/32091
http://security.gentoo.org/glsa/glsa-200803-32.xml
http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0092
http://www.mandriva.com/security/advisories?name=MDVSA-2008:057
http://www.redhat.com/support/errata/RHSA-2008-0890.html
http://www.securityfocus.com/archive/1/488967/100/0/threaded
http://www.securityfocus.com/bid/28025
http://www.securitytracker.com/id?1019515
http://www.vupen.com/english/advisories/2008/0704
http://www.vupen.com/english/advisories/2008/2773
http://www.wireshark.org/security/wnpa-sec-2008-01.html
https://issues.rpath.com/browse/RPL-2296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10188
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html