CVE-2008-3140 - OpenCVE

The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wireshark	Wireshark

Configuration 1 [-]

cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/30886	Vendor Advisory
http://secunia.com/advisories/30942
http://secunia.com/advisories/31085
http://secunia.com/advisories/31378	Vendor Advisory
http://secunia.com/advisories/31687	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200808-04.xml
http://securitytracker.com/id?1020404
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212
http://www.securityfocus.com/archive/1/493882/100/0/threaded
http://www.securityfocus.com/bid/30020
http://www.vupen.com/english/advisories/2008/1982/references
http://www.wireshark.org/security/wnpa-sec-2008-03.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/43518
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14700
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-07-10T23:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-07-10T00:00:00

Link: CVE-2008-3140

JSON object: View

NVD Information

Status : Modified

Published: 2008-07-10T23:41:00.000

Modified: 2018-10-11T20:47:07.113

Link: CVE-2008-3140

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an \"incomplete SS7 MSU syslog encapsulated packet.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30886", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30886"}, {"name": "SUSE-SR:2008:017", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"name": "30942", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30942"}, {"name": "FEDORA-2008-6440", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html"}, {"name": "ADV-2008-1982", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1982/references"}, {"name": "31687", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31687"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.wireshark.org/security/wnpa-sec-2008-03.html"}, {"name": "GLSA-200808-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200808-04.xml"}, {"name": "20080703 rPSA-2008-0212-1 tshark wireshark", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493882/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212"}, {"name": "oval:org.mitre.oval:def:14700", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14700"}, {"name": "30020", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30020"}, {"name": "31378", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31378"}, {"name": "wireshark-syslog-dos(43518)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43518"}, {"name": "1020404", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020404"}, {"name": "31085", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31085"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3140", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an \"incomplete SS7 MSU syslog encapsulated packet.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30886", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30886"}, {"name": "SUSE-SR:2008:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"name": "30942", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30942"}, {"name": "FEDORA-2008-6440", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html"}, {"name": "ADV-2008-1982", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1982/references"}, {"name": "31687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31687"}, {"name": "http://www.wireshark.org/security/wnpa-sec-2008-03.html", "refsource": "CONFIRM", "url": "http://www.wireshark.org/security/wnpa-sec-2008-03.html"}, {"name": "GLSA-200808-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200808-04.xml"}, {"name": "20080703 rPSA-2008-0212-1 tshark wireshark", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493882/100/0/threaded"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212"}, {"name": "oval:org.mitre.oval:def:14700", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14700"}, {"name": "30020", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30020"}, {"name": "31378", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31378"}, {"name": "wireshark-syslog-dos(43518)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43518"}, {"name": "1020404", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020404"}, {"name": "31085", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31085"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3140", "datePublished": "2008-07-10T23:00:00", "dateReserved": "2008-07-10T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "978C483C-A6F7-456F-9488-833D520D4A1E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an \"incomplete SS7 MSU syslog encapsulated packet.\""}, {"lang": "es", "value": "El analizador syslog de Wireshark (formerly Ethereal) 1.0.0, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de apliaci\u00f3n) a trav\u00e9s de vectores no conocidos, posiblemente est\u00e9 relacionada con un \u201cpaquete incompleto SS7 MSU syslog encapsulado\u201d."}], "id": "CVE-2008-3140", "lastModified": "2018-10-11T20:47:07.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-07-10T23:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30886"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30942"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31085"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31378"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31687"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200808-04.xml"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020404"}, {"source": "cve@mitre.org", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493882/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30020"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1982/references"}, {"source": "cve@mitre.org", "url": "http://www.wireshark.org/security/wnpa-sec-2008-03.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43518"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14700"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5", "lastModified": "2008-07-11T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}