Launchpad CVE tracker

CVE 2010-2995

The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.

Related bugs and status

CVE-2010-2995 (Candidate) is related to these bugs:

Bug #730413: CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file

		In	Importance	Status
730413	CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file	wireshark (Ubuntu)	Medium	Invalid
730413	CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file	wireshark (Ubuntu Karmic)	Medium	Invalid
730413	CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file	wireshark (Ubuntu Lucid)	Medium	Invalid
730413	CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file	wireshark (Ubuntu Maverick)	Medium	Invalid

Bug #730419: CVE-2010-2287 CVE-2010-2995 wireshark: SigComp UDVM dissector buffer overruns

		In	Importance	Status
730419	CVE-2010-2287 CVE-2010-2995 wireshark: SigComp UDVM dissector buffer overruns	wireshark (Ubuntu)	Medium	Fix Released
730419	CVE-2010-2287 CVE-2010-2995 wireshark: SigComp UDVM dissector buffer overruns	wireshark (Ubuntu Lucid)	Medium	Won't Fix
730419	CVE-2010-2287 CVE-2010-2995 wireshark: SigComp UDVM dissector buffer overruns	wireshark (Ubuntu Maverick)	Undecided	Fix Released
730419	CVE-2010-2287 CVE-2010-2995 wireshark: SigComp UDVM dissector buffer overruns	wireshark (Ubuntu Natty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2995

References