Multiple Format String Vulnerabilities in Wireshark from The Wireshark Foundation
CVE-2006-3628

Currently unrated

Key Information:

Vendor: Ethereal Group
Status: Ethereal; Wireshark
Vendor: CVE Published:; 21 July 2006

🔔 Create Ethereal Group Vulnerability Alert

What is CVE-2006-3628?

Wireshark, a renowned packet analysis tool, is impacted by multiple format string vulnerabilities across its versions from 0.10.x to 0.99.0. Exploitation of these vulnerabilities can lead to denial of service situations and potential execution of arbitrary code. Specifically, this includes the vulnerabilities found in the ANSI MAP, Checkpoint FW-1, MQ, XML, and NTP dissectors, which can be leveraged by remote attackers to compromise system integrity.

References

ftp://patches.sgi.com/support/free/security/advisories/20...

vendor-advisoryx_refsource_SGI

http://rhn.redhat.com/errata/RHSA-2006-0602.html

vendor-advisoryx_refsource_REDHAT

http://www.novell.com/linux/security/advisories/2006_20_s...

vendor-advisoryx_refsource_SUSE

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2006
Vulnerability Reserved
Jul 17, 2006