CVE-2008-3139

CVE	CVE-2008-3139
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-07-10 23:41:00 UTC
Updated	2018-10-11 20:47:00 UTC
Description	The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.

Problem Types: CWE-200 | NVD-CWE-noinfo

Type	Vendor	Product	Version	Update	Edition	Language
Application	Rpath	Rpath Linux	1	All	All	All
Application	Rpath	Rpath Linux	1	All	All	All
Application	Wireshark	Wireshark	0.9.5	All	All	All
Application	Wireshark	Wireshark	0.99.2	All	All	All
Application	Wireshark	Wireshark	0.99.3	All	All	All
Application	Wireshark	Wireshark	0.99.4	All	All	All
Application	Wireshark	Wireshark	0.99.5	All	All	All
Application	Wireshark	Wireshark	0.99.6	All	All	All
Application	Wireshark	Wireshark	0.99.7	All	All	All
Application	Wireshark	Wireshark	0.99.8	All	All	All
Application	Wireshark	Wireshark	1.0	All	All	All
Application	Wireshark	Wireshark	1.0.0	All	All	All
Application	Wireshark	Wireshark	0.9.5	All	All	All
Application	Wireshark	Wireshark	0.99.2	All	All	All
Application	Wireshark	Wireshark	0.99.3	All	All	All
Application	Wireshark	Wireshark	0.99.4	All	All	All
Application	Wireshark	Wireshark	0.99.5	All	All	All
Application	Wireshark	Wireshark	0.99.6	All	All	All
Application	Wireshark	Wireshark	0.99.7	All	All	All
Application	Wireshark	Wireshark	0.99.8	All	All	All
Application	Wireshark	Wireshark	1.0	All	All	All
Application	Wireshark	Wireshark	1.0.0	All	All	All

Reference	Source	Link	Tags
Wireshark GSM SMS, PANA, KISMET, RTMPT, and syslog Dissector Bugs Let Remote Users Deny Service - SecurityTracker	SECTRACK	securitytracker.com
SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
[security-announce] SUSE Security Summary Report SUSE-SR:2008:017	SUSE	lists.opensuse.org
Wireshark 1.0.0 Multiple Vulnerabilities	BID	www.securityfocus.com
Fedora update for wireshark - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
[SECURITY] Fedora 9 Update: wireshark-1.0.2-1.fc9	FEDORA	www.redhat.com
Wireshark Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Gentoo update for wireshark - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Wireshark: Denial of Service — Gentoo Linux Documentation	GENTOO	security.gentoo.org
rPath update for wireshark - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
Webmail - OVH	VUPEN	www.vupen.com
Wireshark: wnpa-sec-2008-03	CONFIRM	www.wireshark.org
Advisories:rPSA-2008-0212 - rPath Wiki	CONFIRM	wiki.rpath.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Organization	Published	Contributor	Statement
Red Hat	2008-07-11	Tomas Hoger	Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

There are currently no legacy QID mappings associated with this CVE.