What is CVE-2010-0304?

CVE-2010-0304 is a vulnerability in Wireshark, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2010-02-03.

Is CVE-2010-0304 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Wireshark

CVE-2010-0304

Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer over…

Vulnerability class: Buffer Overflow

EPSS: 0.798 (99.1th percentile) — read the EPSS interpretation.

Affected products

Wireshark — versions 1.0.6, 1.2, 1.0.7
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_MISC)
FEDORA-2010-3556 (vendor-advisory, x_refsource_FEDORA)
61987 (x_refsource_OSVDB, vdb-entry)
38257 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
38348 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
38829 (x_refsource_SECUNIA, third-party-advisory)
DSA-1983 (vendor-advisory, x_refsource_DEBIAN)
MDVSA-2010:031 (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_MISC)
[oss-security] 20100129 Re: CVE id request: Wireshark (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2010-0304?: CVE-2010-0304 is a vulnerability in Wireshark, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2010-02-03.
Is CVE-2010-0304 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.