CVE-2006-4331 - OpenCVE

Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wireshark	Wireshark

Configuration 1 [-]

cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/21597	Patch Vendor Advisory
http://secunia.com/advisories/21619
http://secunia.com/advisories/21649
http://secunia.com/advisories/21682
http://secunia.com/advisories/21885
http://secunia.com/advisories/22378
http://security.gentoo.org/glsa/glsa-200608-26.xml
http://securitytracker.com/id?1016736	Patch
http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm
http://www.kb.cert.org/vuls/id/638376	US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:152
http://www.redhat.com/support/errata/RHSA-2006-0658.html
http://www.securityfocus.com/bid/19690	Patch
http://www.vupen.com/english/advisories/2006/3370
http://www.wireshark.org/security/wnpa-sec-2006-02.html	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10125
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14587

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2006-08-24T20:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2006-08-24T00:00:00

Link: CVE-2006-4331

JSON object: View

NVD Information

Status : Modified

Published: 2006-08-24T20:04:00.000

Modified: 2017-10-11T01:31:11.220

Link: CVE-2006-4331

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2006-3370", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3370"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm"}, {"name": "21682", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21682"}, {"name": "oval:org.mitre.oval:def:14587", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14587"}, {"name": "19690", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19690"}, {"name": "oval:org.mitre.oval:def:10125", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10125"}, {"name": "1016736", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016736"}, {"name": "RHSA-2006:0658", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0658.html"}, {"name": "21649", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21649"}, {"name": "MDKSA-2006:152", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:152"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.wireshark.org/security/wnpa-sec-2006-02.html"}, {"name": "21619", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21619"}, {"name": "GLSA-200608-26", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200608-26.xml"}, {"name": "wireshark-esp-offbyone(28553)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28553"}, {"name": "VU#638376", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/638376"}, {"name": "21885", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21885"}, {"name": "21597", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21597"}, {"name": "22378", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22378"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-4331", "datePublished": "2006-08-24T20:00:00", "dateReserved": "2006-08-24T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "31C43A78-E578-4B1C-8E33-24529E973E30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples errores de superaci\u00f3n de l\u00edmite (off-by-one) en el analizador de preferencias ESP de IPSec. en Wireshark (anteriormente Ethereal) 0.99.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2006-4331", "lastModified": "2017-10-11T01:31:11.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-24T20:04:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21597"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21619"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21649"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21682"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21885"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22378"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200608-26.xml"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://securitytracker.com/id?1016736"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm"}, {"source": "secalert@redhat.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/638376"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:152"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2006-0658.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/19690"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/3370"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.wireshark.org/security/wnpa-sec-2006-02.html"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28553"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10125"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14587"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}