Buffer overflow in Wireshark



| Updated: 2020-08-11
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2011-0538
CWE-ID CWE-119
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
Wireshark
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Wireshark.org

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU45360

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2011-0538

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.2.0 - 1.5.0

CPE2.3 External links

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
http://openwall.com/lists/oss-security/2011/02/04/1
http://secunia.com/advisories/43759
http://secunia.com/advisories/43795
http://secunia.com/advisories/43821
http://www.debian.org/security/2011/dsa-2201
http://www.kb.cert.org/vuls/id/215900
http://www.mandriva.com/security/advisories?name=MDVSA-2011:044
http://www.redhat.com/support/errata/RHSA-2011-0369.html
http://www.redhat.com/support/errata/RHSA-2011-0370.html
http://www.securityfocus.com/bid/46167
http://www.securitytracker.com/id?1025148
http://www.vupen.com/english/advisories/2011/0622
http://www.vupen.com/english/advisories/2011/0626
http://www.vupen.com/english/advisories/2011/0719
http://www.vupen.com/english/advisories/2011/0747
http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html
http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html
http://www.wireshark.org/security/wnpa-sec-2011-03.html
http://www.wireshark.org/security/wnpa-sec-2011-04.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5652
http://bugzilla.redhat.com/show_bug.cgi?id=676232
http://exchange.xforce.ibmcloud.com/vulnerabilities/65182
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14605


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###