Red Hat Bugzilla – Bug 604299
CVE-2010-2285 wireshark: SMB PIPE dissector NULL pointer dereference
Last modified: 2016-03-04 05:48:00 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2285 to
the following vulnerability:
Reference: MLIST:[oss-security] 20100610 CVE request for new wireshark vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/11/1
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-05.html
Reference: CONFIRM: http://www.wireshark.org/security/wnpa-sec-2010-06.html
Reference: URL: http://www.mandriva.com/security/advisories?name=MDVSA-2010:113
Reference: URL: http://secunia.com/advisories/40112
Reference: URL: http://www.vupen.com/english/advisories/2010/1418
The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0
through 1.2.8 allows remote attackers to cause a denial of service
(NULL pointer dereference) via unknown vectors.
Created wireshark tracking bugs for this issue
Affects: fedora-all [bug 549580]
This is a *printf("%s", NULL) flaw. This leads to crash on some platforms, but this problem does not affect glibc printf functions implementation.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.