CVE-2008-4684 | Vulnerability Database | Aqua Security

packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	0.99.8	0.99.8
Wireshark	Wireshark	0.99.3	0.99.3
Wireshark	Wireshark	1.0.1	1.0.1
Wireshark	Wireshark	1.0	1.0
Wireshark	Wireshark	0.99.6	0.99.6
Wireshark	Wireshark	1.0.2	1.0.2
Wireshark	Wireshark	0.99.2	0.99.2
Wireshark	Wireshark	1.0.3	1.0.3
Wireshark	Wireshark	0.99.5	0.99.5
Wireshark	Wireshark	0.99.4	0.99.4
Wireshark	Wireshark	1.0.0	1.0.0
Wireshark	Wireshark	0.99.6a	0.99.6a
Wireshark	Wireshark	0.99.7	0.99.7

References

http://www.wireshark.org/security/wnpa-sec-2008-06.html
http://secunia.com/advisories/32355
http://www.securityfocus.com/bid/31838
http://securitytracker.com/id?1021069
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2549
http://www.mandriva.com/security/advisories?name=MDVSA-2008:215
http://www.debian.org/security/2008/dsa-1673
http://secunia.com/advisories/32944
http://wiki.rpath.com/Advisories:rPSA-2008-0336
http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm
http://secunia.com/advisories/34144
http://www.redhat.com/support/errata/RHSA-2009-0313.html
http://www.vupen.com/english/advisories/2008/2872
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14767
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10223
http://www.securityfocus.com/archive/1/499154/100/0/threaded

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-4684
CWE	https://cwe.mitre.org/data/definitions/399.html