CVE-2009-4377

EUVD-2009-4345
The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service (crash) via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
wiresharkwireshark
0.9.2
wiresharkwireshark
0.9.5
wiresharkwireshark
0.9.6
wiresharkwireshark
0.9.7
wiresharkwireshark
0.9.8
wiresharkwireshark
0.9.10
wiresharkwireshark
0.9.14
wiresharkwireshark
0.99
wiresharkwireshark
0.99.0
wiresharkwireshark
0.99.1
wiresharkwireshark
0.99.2
wiresharkwireshark
0.99.3
wiresharkwireshark
0.99.4
wiresharkwireshark
0.99.5
wiresharkwireshark
0.99.6
wiresharkwireshark
0.99.6a:a
wiresharkwireshark
0.99.7
wiresharkwireshark
0.99.8
wiresharkwireshark
0.99.9
wiresharkwireshark
1.0
wiresharkwireshark
1.0.0
wiresharkwireshark
1.0.1
wiresharkwireshark
1.0.2
wiresharkwireshark
1.0.3
wiresharkwireshark
1.0.4
wiresharkwireshark
1.0.5
wiresharkwireshark
1.0.6
wiresharkwireshark
1.0.7
wiresharkwireshark
1.0.8
wiresharkwireshark
1.0.9
wiresharkwireshark
1.2
wiresharkwireshark
1.2.0
wiresharkwireshark
1.2.1
wiresharkwireshark
1.2.2
wiresharkwireshark
1.2.3
wiresharkwireshark
1.2.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
bullseye
3.4.10-0+deb11u1
fixed
bullseye (security)
3.4.16-0+deb11u1
fixed
etch
no-dsa
sid
4.4.1-1
fixed
trixie
4.4.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wireshark
dapper
dne
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
References
http://osvdb.org/61178
http://secunia.com/advisories/37842
http://secunia.com/advisories/37916
http://www.debian.org/security/2009/dsa-1983
http://www.mandriva.com/security/advisories?name=MDVSA-2010:031
http://www.securityfocus.com/bid/37407
http://www.securitytracker.com/id?1023374
http://www.vupen.com/english/advisories/2009/3596
http://www.wireshark.org/security/wnpa-sec-2009-09.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9564
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html
http://osvdb.org/61178
http://secunia.com/advisories/37842
http://secunia.com/advisories/37916
http://www.debian.org/security/2009/dsa-1983
http://www.mandriva.com/security/advisories?name=MDVSA-2010:031
http://www.securityfocus.com/bid/37407
http://www.securitytracker.com/id?1023374
http://www.vupen.com/english/advisories/2009/3596
http://www.wireshark.org/security/wnpa-sec-2009-09.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9564
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html