CVE-2008-4685

EUVD-2008-4665
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
wiresharkwireshark
0.10.3
wiresharkwireshark
0.10.4
wiresharkwireshark
0.10.5
wiresharkwireshark
0.10.6
wiresharkwireshark
0.10.7
wiresharkwireshark
0.10.8
wiresharkwireshark
0.10.9
wiresharkwireshark
0.99
wiresharkwireshark
0.99.0
wiresharkwireshark
0.99.1
wiresharkwireshark
0.99.2
wiresharkwireshark
0.99.3
wiresharkwireshark
0.99.4
wiresharkwireshark
0.99.5
wiresharkwireshark
0.99.6
wiresharkwireshark
0.99.6a:a
wiresharkwireshark
0.99.7
wiresharkwireshark
0.99.8
wiresharkwireshark
1.0
wiresharkwireshark
1.0.0
wiresharkwireshark
1.0.1
wiresharkwireshark
1.0.2
wiresharkwireshark
1.0.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
bullseye
3.4.10-0+deb11u1
fixed
bullseye (security)
3.4.16-0+deb11u1
fixed
sid
4.4.1-1
fixed
trixie
4.4.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ethereal
dapper
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
wireshark
dapper
dne
gutsy
Fixed 0.99.6rel-3ubuntu0.4
released
hardy
Fixed 1.0.0-1ubuntu0.2
released
intrepid
Fixed 1.0.3-1ubuntu2.2
released
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/32355
http://secunia.com/advisories/32944
http://secunia.com/advisories/34144
http://securitytracker.com/id?1021069
http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0336
http://www.debian.org/security/2008/dsa-1673
http://www.mandriva.com/security/advisories?name=MDVSA-2008:215
http://www.redhat.com/support/errata/RHSA-2009-0313.html
http://www.securityfocus.com/archive/1/499154/100/0/threaded
http://www.securityfocus.com/bid/31838
http://www.vupen.com/english/advisories/2008/2872
http://www.wireshark.org/security/wnpa-sec-2008-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10788
http://secunia.com/advisories/32355
http://secunia.com/advisories/32944
http://secunia.com/advisories/34144
http://securitytracker.com/id?1021069
http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0336
http://www.debian.org/security/2008/dsa-1673
http://www.mandriva.com/security/advisories?name=MDVSA-2008:215
http://www.redhat.com/support/errata/RHSA-2009-0313.html
http://www.securityfocus.com/archive/1/499154/100/0/threaded
http://www.securityfocus.com/bid/31838
http://www.vupen.com/english/advisories/2008/2872
http://www.wireshark.org/security/wnpa-sec-2008-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10788