Executive Summary

Informations
Name	CVE-2010-2287	First vendor Publication	2010-06-15
Vendor	Cve	Last vendor Modification	2011-02-17

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	8.3	Attack Range	Adjacent network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	6.5	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2287

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

 

Definition Id: oval:org.mitre.oval:def:11836
Oval ID:	oval:org.mitre.oval:def:11836
Title:	Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
Description:	Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-2287	Version:	9
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Check for version of Wireshark installed on the system is 0.8.20 through 1.0.14 and 1.2.0 through 1.2.9

CPE : Common Platform Enumeration

Type	Description	Count
Application	Wireshark Wireshark cpe:/a:wireshark:wireshark:1.2.8 cpe:/a:wireshark:wireshark:1.2.7 cpe:/a:wireshark:wireshark:1.2.6 cpe:/a:wireshark:wireshark:1.2.5 cpe:/a:wireshark:wireshark:1.2.4 cpe:/a:wireshark:wireshark:1.2.3 cpe:/a:wireshark:wireshark:1.2.2 cpe:/a:wireshark:wireshark:1.2.1 cpe:/a:wireshark:wireshark:1.2.0 cpe:/a:wireshark:wireshark:1.0.9 cpe:/a:wireshark:wireshark:1.0.8 cpe:/a:wireshark:wireshark:1.0.7 cpe:/a:wireshark:wireshark:1.0.6 cpe:/a:wireshark:wireshark:1.0.5 cpe:/a:wireshark:wireshark:1.0.4 cpe:/a:wireshark:wireshark:1.0.3 cpe:/a:wireshark:wireshark:1.0.2 cpe:/a:wireshark:wireshark:1.0.13 cpe:/a:wireshark:wireshark:1.0.12 cpe:/a:wireshark:wireshark:1.0.11 cpe:/a:wireshark:wireshark:1.0.10 cpe:/a:wireshark:wireshark:1.0.1 cpe:/a:wireshark:wireshark:1.0.0 cpe:/a:wireshark:wireshark:0.99.8 cpe:/a:wireshark:wireshark:0.99.7 cpe:/a:wireshark:wireshark:0.99.6 cpe:/a:wireshark:wireshark:0.99.5 cpe:/a:wireshark:wireshark:0.99.4 cpe:/a:wireshark:wireshark:0.99.3 cpe:/a:wireshark:wireshark:0.99.2 cpe:/a:wireshark:wireshark:0.99.1 cpe:/a:wireshark:wireshark:0.99.0 cpe:/a:wireshark:wireshark:0.10.9 cpe:/a:wireshark:wireshark:0.10.8 cpe:/a:wireshark:wireshark:0.10.14 cpe:/a:wireshark:wireshark:0.10.13 cpe:/a:wireshark:wireshark:0.10.12 cpe:/a:wireshark:wireshark:0.10.11 cpe:/a:wireshark:wireshark:0.10.10	39

Open Source Vulnerability Database (OSVDB)

id	Description
65375	Wireshark SigComp Universal Decompressor Virtual Machine Overflow

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/40728
CONFIRM	http://www.wireshark.org/security/wnpa-sec-2010-05.html http://www.wireshark.org/security/wnpa-sec-2010-06.html
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2010:113 http://www.mandriva.com/security/advisories?name=MDVSA-2010:144
MLIST	http://www.openwall.com/lists/oss-security/2010/06/11/1
SECUNIA	http://secunia.com/advisories/40112 http://secunia.com/advisories/42877 http://secunia.com/advisories/43068
SUSE	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
VUPEN	http://www.vupen.com/english/advisories/2010/1418 http://www.vupen.com/english/advisories/2011/0076 http://www.vupen.com/english/advisories/2011/0212

Alert History

Date	Informations
2013-05-10 23:27:15	Multiple Updates