CVE-2010-4301 - OpenCVE

epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wireshark	Wireshark

Configuration 1 [-]

OR	cpe:2.3:a:wireshark:wireshark:1.4.0:::::::*
	cpe:2.3:a:wireshark:wireshark:1.4.1:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://osvdb.org/69355
http://secunia.com/advisories/42290	Vendor Advisory
http://secunia.com/advisories/42877
http://secunia.com/advisories/43068
http://www.exploit-db.com/exploits/15973
http://www.securityfocus.com/bid/44986
http://www.vupen.com/english/advisories/2010/3038	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0212
http://www.wireshark.org/security/wnpa-sec-2010-14.html	Vendor Advisory
https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5315&action=edit	Patch
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5303	Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14713

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-11-26T18:23:00

Updated: 2017-09-18T12:57:01

Reserved: 2010-11-22T00:00:00

Link: CVE-2010-4301

JSON object: View

NVD Information

Status : Modified

Published: 2010-11-26T19:00:09.627

Modified: 2017-09-19T01:31:43.347

Link: CVE-2010-4301

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-13T00:00:00", "descriptions": [{"lang": "en", "value": "epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SR:2011:001", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"}, {"name": "43068", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43068"}, {"name": "44986", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44986"}, {"name": "42290", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42290"}, {"name": "oval:org.mitre.oval:def:14713", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14713"}, {"name": "ADV-2011-0212", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5303"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5315&action=edit"}, {"name": "69355", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/69355"}, {"name": "42877", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42877"}, {"name": "SUSE-SR:2011:002", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.wireshark.org/security/wnpa-sec-2010-14.html"}, {"name": "ADV-2011-0076", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0076"}, {"name": "ADV-2010-3038", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3038"}, {"name": "15973", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/15973"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4301", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SR:2011:001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"}, {"name": "43068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43068"}, {"name": "44986", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44986"}, {"name": "42290", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42290"}, {"name": "oval:org.mitre.oval:def:14713", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14713"}, {"name": "ADV-2011-0212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5303", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5303"}, {"name": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5315&action=edit", "refsource": "MISC", "url": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5315&action=edit"}, {"name": "69355", "refsource": "OSVDB", "url": "http://osvdb.org/69355"}, {"name": "42877", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42877"}, {"name": "SUSE-SR:2011:002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"name": "http://www.wireshark.org/security/wnpa-sec-2010-14.html", "refsource": "CONFIRM", "url": "http://www.wireshark.org/security/wnpa-sec-2010-14.html"}, {"name": "ADV-2011-0076", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0076"}, {"name": "ADV-2010-3038", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3038"}, {"name": "15973", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/15973"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4301", "datePublished": "2010-11-26T18:23:00", "dateReserved": "2010-11-22T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABB6F1D5-64CC-474D-B123-818080ED7903", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5E0F58D-4CE5-4051-A0F6-9BFA2FC0D2DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes."}, {"lang": "es", "value": "epan/dissectors/packet-zbee-zcl.c en el disector de ZigBee ZCL en Wireshark v1.4.0 hasta v1.4.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de un paquete ZCL manipulado, relacionado con Discover Attributes."}], "id": "CVE-2010-4301", "lastModified": "2017-09-19T01:31:43.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-11-26T19:00:09.627", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/69355"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42290"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/42877"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43068"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/15973"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/44986"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3038"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0076"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.wireshark.org/security/wnpa-sec-2010-14.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5315&action=edit"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5303"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14713"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}