CVE-2009-1210

Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.

Published: 2009-04-01 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2009-1210 is rated High Exploit Risk (83.7/100): CVSS Critical severity, with high exploitation likelihood (EPSS 15.23%, 96th percentile). Core evidence: 2 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2009-1210

EDB-ID Source Kind Published Link
8308 exploit_db edb 2009-03-30 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2009-1210

The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 35.99% 15.23% -20.76%
2 2026-05-22 34.47% 35.99% +1.52%
3 2025-04-17 34.47%

Full EPSS history (11 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2009-1210

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C 10.0 10.0 [email protected]

Vector breakdown:
Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (Au:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

Weakness enumeration for CVE-2009-1210

OS Trackers for CVE-2009-1210

vendor priority summary link
debian low CVE-2009-1210 low priority: Debian including 1 source packages (wireshark), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2009-1210
gentoo high CVE-2009-1210: 1 GLSA(s) (200906-05), 1 atom(s) (net-analyzer/wireshark); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2009-1210
redhat medium https://access.redhat.com/security/cve/CVE-2009-1210
suse critical CVE-2009-1210 severity critical: SUSE including 51 source package names (libwireshark18-4.4.7-160000.2.2, libwireshark8-2.2.7-47.1, …), 80 product×package rows across 31 product lines (SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Desktop 12 SP1, … (31 product lines)): Fixed 80. https://www.suse.com/security/cve/CVE-2009-1210/
ubuntu medium CVE-2009-1210 medium priority: Ubuntu including 1 source packages (wireshark), 11 status rows across 11 suites (dapper, gutsy, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): ignored 5, not-affected 4, DNE 1, released 1. https://ubuntu.com/security/CVE-2009-1210

Affected software / configurations for CVE-2009-1210

Vendor Product Version Raw CPE
wireshark wireshark <= 1.0.5 cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
wireshark wireshark 0.6 cpe:2.3:a:wireshark:wireshark:0.6:*:*:*:*:*:*:*
wireshark wireshark 0.7.9 cpe:2.3:a:wireshark:wireshark:0.7.9:*:*:*:*:*:*:*
wireshark wireshark 0.8.16 cpe:2.3:a:wireshark:wireshark:0.8.16:*:*:*:*:*:*:*
wireshark wireshark 0.8.19 cpe:2.3:a:wireshark:wireshark:0.8.19:*:*:*:*:*:*:*
wireshark wireshark 0.9.5 cpe:2.3:a:wireshark:wireshark:0.9.5:*:*:*:*:*:*:*
wireshark wireshark 0.9.7 cpe:2.3:a:wireshark:wireshark:0.9.7:*:*:*:*:*:*:*
wireshark wireshark 0.9.8 cpe:2.3:a:wireshark:wireshark:0.9.8:*:*:*:*:*:*:*
wireshark wireshark 0.9.10 cpe:2.3:a:wireshark:wireshark:0.9.10:*:*:*:*:*:*:*
wireshark wireshark 0.9.14 cpe:2.3:a:wireshark:wireshark:0.9.14:*:*:*:*:*:*:*
wireshark wireshark 0.10 cpe:2.3:a:wireshark:wireshark:0.10:*:*:*:*:*:*:*
wireshark wireshark 0.10.1 cpe:2.3:a:wireshark:wireshark:0.10.1:*:*:*:*:*:*:*
wireshark wireshark 0.10.2 cpe:2.3:a:wireshark:wireshark:0.10.2:*:*:*:*:*:*:*
wireshark wireshark 0.10.3 cpe:2.3:a:wireshark:wireshark:0.10.3:*:*:*:*:*:*:*
wireshark wireshark 0.10.4 cpe:2.3:a:wireshark:wireshark:0.10.4:*:*:*:*:*:*:*
wireshark wireshark 0.10.5 cpe:2.3:a:wireshark:wireshark:0.10.5:*:*:*:*:*:*:*
wireshark wireshark 0.10.6 cpe:2.3:a:wireshark:wireshark:0.10.6:*:*:*:*:*:*:*
wireshark wireshark 0.10.7 cpe:2.3:a:wireshark:wireshark:0.10.7:*:*:*:*:*:*:*
wireshark wireshark 0.10.8 cpe:2.3:a:wireshark:wireshark:0.10.8:*:*:*:*:*:*:*
wireshark wireshark 0.10.9 cpe:2.3:a:wireshark:wireshark:0.10.9:*:*:*:*:*:*:*
wireshark wireshark 0.10.10 cpe:2.3:a:wireshark:wireshark:0.10.10:*:*:*:*:*:*:*
wireshark wireshark 0.10.11 cpe:2.3:a:wireshark:wireshark:0.10.11:*:*:*:*:*:*:*
wireshark wireshark 0.10.12 cpe:2.3:a:wireshark:wireshark:0.10.12:*:*:*:*:*:*:*
wireshark wireshark 0.10.13 cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*
wireshark wireshark 0.10.14 cpe:2.3:a:wireshark:wireshark:0.10.14:*:*:*:*:*:*:*
wireshark wireshark 0.99 cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*
wireshark wireshark 0.99.0 cpe:2.3:a:wireshark:wireshark:0.99.0:*:*:*:*:*:*:*
wireshark wireshark 0.99.1 cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*
wireshark wireshark 0.99.2 cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
wireshark wireshark 0.99.3 cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
wireshark wireshark 0.99.4 cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
wireshark wireshark 0.99.5 cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
wireshark wireshark 0.99.6 cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
wireshark wireshark 0.99.6a cpe:2.3:a:wireshark:wireshark:0.99.6a:*:*:*:*:*:*:*
wireshark wireshark 0.99.7 cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
wireshark wireshark 0.99.8 cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
wireshark wireshark 1.0 cpe:2.3:a:wireshark:wireshark:1.0:*:*:*:*:*:*:*
wireshark wireshark 1.0.0 cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
wireshark wireshark 1.0.1 cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*
wireshark wireshark 1.0.2 cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*
wireshark wireshark 1.0.3 cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*
wireshark wireshark 1.0.4 cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*

References for CVE-2009-1210

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://secunia.com/advisories/34542 Vendor Advisory
http://secunia.com/advisories/34778 Vendor Advisory
http://secunia.com/advisories/34970 Vendor Advisory
http://secunia.com/advisories/35133 Vendor Advisory
http://secunia.com/advisories/35224 Vendor Advisory
http://secunia.com/advisories/35416 Vendor Advisory
http://secunia.com/advisories/35464 Vendor Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0062
http://www.debian.org/security/2009/dsa-1785
http://www.mandriva.com/security/advisories?name=MDVSA-2009:088
http://www.redhat.com/support/errata/RHSA-2009-1100.html
http://www.securityfocus.com/archive/1/502745/100/0/threaded
http://www.securityfocus.com/bid/34291 Exploit
http://www.wireshark.org/security/wnpa-sec-2009-02.html Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5976
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9526
https://www.exploit-db.com/exploits/8308
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html