CVE-2009-1210 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Affected Products (NVD)

Vendor	Product	Version
wireshark	wireshark	𝑥 ≤ 1.0.5
wireshark	wireshark	0.6
wireshark	wireshark	0.7.9
wireshark	wireshark	0.8.16
wireshark	wireshark	0.8.19
wireshark	wireshark	0.9.5
wireshark	wireshark	0.9.7
wireshark	wireshark	0.9.8
wireshark	wireshark	0.9.10
wireshark	wireshark	0.9.14
wireshark	wireshark	0.10
wireshark	wireshark	0.10.1
wireshark	wireshark	0.10.2
wireshark	wireshark	0.10.3
wireshark	wireshark	0.10.4
wireshark	wireshark	0.10.5
wireshark	wireshark	0.10.6
wireshark	wireshark	0.10.7
wireshark	wireshark	0.10.8
wireshark	wireshark	0.10.9
wireshark	wireshark	0.10.10
wireshark	wireshark	0.10.11
wireshark	wireshark	0.10.12
wireshark	wireshark	0.10.13
wireshark	wireshark	0.10.14
wireshark	wireshark	0.99
wireshark	wireshark	0.99.0
wireshark	wireshark	0.99.1
wireshark	wireshark	0.99.2
wireshark	wireshark	0.99.3
wireshark	wireshark	0.99.4
wireshark	wireshark	0.99.5
wireshark	wireshark	0.99.6
wireshark	wireshark	0.99.6a:a
wireshark	wireshark	0.99.7
wireshark	wireshark	0.99.8
wireshark	wireshark	1.0
wireshark	wireshark	1.0.0
wireshark	wireshark	1.0.1
wireshark	wireshark	1.0.2
wireshark	wireshark	1.0.3
wireshark	wireshark	1.0.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

wireshark

bookworm	4.0.11-1~deb12u1 fixed
bookworm (security)	4.0.11-1~deb12u1 fixed
bullseye	3.4.10-0+deb11u1 fixed
bullseye (security)	3.4.16-0+deb11u1 fixed
etch	not-affected
sid	4.4.1-1 fixed
trixie	4.4.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

wireshark

dapper	dne
gutsy	ignored
hardy	ignored
intrepid	ignored
jaunty	ignored
karmic	ignored
lucid	not-affected
maverick	not-affected
natty	not-affected
oneiric	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

libwireshark9

suse enterprise desktop 15	2.4.6-1.31 fixed
suse enterprise sap 12 SP5	2.4.16-48.51.1 fixed
suse enterprise sap 15	2.4.6-1.31 fixed
suse enterprise server 12 SP5	2.4.16-48.51.1 fixed
suse enterprise server 15	2.4.6-1.31 fixed

libwiretap7

suse enterprise desktop 15	2.4.6-1.31 fixed
suse enterprise sap 12 SP5	2.4.16-48.51.1 fixed
suse enterprise sap 15	2.4.6-1.31 fixed
suse enterprise server 12 SP5	2.4.16-48.51.1 fixed
suse enterprise server 15	2.4.6-1.31 fixed

libwscodecs1

suse enterprise desktop 15	2.4.6-1.31 fixed
suse enterprise sap 12 SP5	2.4.16-48.51.1 fixed
suse enterprise sap 15	2.4.6-1.31 fixed
suse enterprise server 12 SP5	2.4.16-48.51.1 fixed
suse enterprise server 15	2.4.6-1.31 fixed

libwsutil8

suse enterprise desktop 15	2.4.6-1.31 fixed
suse enterprise sap 12 SP5	2.4.16-48.51.1 fixed
suse enterprise sap 15	2.4.6-1.31 fixed
suse enterprise server 12 SP5	2.4.16-48.51.1 fixed
suse enterprise server 15	2.4.6-1.31 fixed

wireshark

suse enterprise desktop 15	2.4.6-1.31 fixed
suse enterprise sap 12 SP5	2.4.16-48.51.1 fixed
suse enterprise sap 15	2.4.6-1.31 fixed
suse enterprise server 12 SP5	2.4.16-48.51.1 fixed
suse enterprise server 15	2.4.6-1.31 fixed

wireshark-devel

suse enterprise desktop 15	2.4.6-1.31 fixed
suse enterprise sap 15	2.4.6-1.31 fixed
suse enterprise server 15	2.4.6-1.31 fixed

wireshark-gtk

suse enterprise sap 12 SP5	2.4.16-48.51.1 fixed
suse enterprise server 12 SP5	2.4.16-48.51.1 fixed

wireshark-ui-qt

suse enterprise desktop 15	2.4.6-1.31 fixed
suse enterprise sap 15	2.4.6-1.31 fixed
suse enterprise server 15	2.4.6-1.31 fixed

Known Exploits!

Common Weakness Enumeration

CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

http://secunia.com/advisories/34542

http://secunia.com/advisories/34778

http://secunia.com/advisories/34970

http://secunia.com/advisories/35133

http://secunia.com/advisories/35224

http://secunia.com/advisories/35416

http://secunia.com/advisories/35464

http://wiki.rpath.com/Advisories:rPSA-2009-0062

http://www.debian.org/security/2009/dsa-1785

http://www.mandriva.com/security/advisories?name=MDVSA-2009:088

http://www.redhat.com/support/errata/RHSA-2009-1100.html

http://www.securityfocus.com/archive/1/502745/100/0/threaded

http://www.securityfocus.com/bid/34291

http://www.wireshark.org/security/wnpa-sec-2009-02.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/49512

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5976

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9526

https://www.exploit-db.com/exploits/8308

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

http://secunia.com/advisories/34542

http://secunia.com/advisories/34778

http://secunia.com/advisories/34970

http://secunia.com/advisories/35133

http://secunia.com/advisories/35224

http://secunia.com/advisories/35416

http://secunia.com/advisories/35464

http://wiki.rpath.com/Advisories:rPSA-2009-0062

http://www.debian.org/security/2009/dsa-1785

http://www.mandriva.com/security/advisories?name=MDVSA-2009:088

http://www.redhat.com/support/errata/RHSA-2009-1100.html

http://www.securityfocus.com/archive/1/502745/100/0/threaded

http://www.securityfocus.com/bid/34291

http://www.wireshark.org/security/wnpa-sec-2009-02.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/49512

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5976

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9526

https://www.exploit-db.com/exploits/8308

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html