Multiple vulnerabilities in Wireshark
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2011-2698 CVE-2011-2597 |
| CWE-ID | CWE-20 CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Wireshark.org |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU44798
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2698
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.4.0 - 1.6.0
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.6.0:*:*:*:*:*:*:*
http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html
http://rhn.redhat.com/errata/RHSA-2013-0125.html
http://secunia.com/advisories/45086
http://secunia.com/advisories/45574
http://secunia.com/advisories/48947
http://www.openwall.com/lists/oss-security/2011/07/19/5
http://www.openwall.com/lists/oss-security/2011/07/20/2
http://www.securityfocus.com/bid/49071
http://www.wireshark.org/security/wnpa-sec-2011-10.html
http://www.wireshark.org/security/wnpa-sec-2011-11.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044
http://bugzilla.redhat.com/show_bug.cgi?id=723215
http://exchange.xforce.ibmcloud.com/vulnerabilities/69074
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14610
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU44899
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2011-2597
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.2 - 1.6.0
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.6.0:*:*:*:*:*:*:*
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00022.html
http://secunia.com/advisories/45086
http://secunia.com/advisories/45574
http://secunia.com/advisories/48947
http://securitytracker.com/id?1025738
http://www.mandriva.com/security/advisories?name=MDVSA-2011:118
http://www.securityfocus.com/bid/48506
http://www.wireshark.org/security/wnpa-sec-2011-09.html
http://www.wireshark.org/security/wnpa-sec-2011-10.html
http://www.wireshark.org/security/wnpa-sec-2011-11.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/68335
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14794
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
