Multiple vulnerabilities in Wireshark



Updated: 2020-08-11
Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2011-3483, CVE-2011-3484, CVE-2011-3482, CVE-2011-3266
CWE-ID: CWE-119, CWE-20, CWE-399
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: Wireshark (Server applications / IDS/IPS systems, Firewalls and proxy servers)
Vendor: Wireshark.org

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU44707

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2011-3483

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."

Mitigation

Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.6.0 - 1.6.1

External links

http://www.mandriva.com/security/advisories?name=MDVSA-2011:138
http://www.openwall.com/lists/oss-security/2011/09/13/1
http://www.openwall.com/lists/oss-security/2011/09/14/10
http://www.openwall.com/lists/oss-security/2011/09/14/5
http://www.openwall.com/lists/oss-security/2011/09/14/9
http://www.wireshark.org/security/wnpa-sec-2011-14.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6135
http://bugzilla.redhat.com/show_bug.cgi?id=737785
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14971


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Input validation error

EUVDB-ID: #VU44708

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-3484

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.6.0 - 1.6.1

External links

http://anonsvn.wireshark.org/viewvc?view=revision&revision=38213
http://www.mandriva.com/security/advisories?name=MDVSA-2011:138
http://www.openwall.com/lists/oss-security/2011/09/13/1
http://www.openwall.com/lists/oss-security/2011/09/14/10
http://www.openwall.com/lists/oss-security/2011/09/14/5
http://www.openwall.com/lists/oss-security/2011/09/14/9
http://www.wireshark.org/security/wnpa-sec-2011-12.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6138
http://bugzilla.redhat.com/show_bug.cgi?id=737787
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15062


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU44709

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-3482

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.6.0 - 1.6.1

External links

http://anonsvn.wireshark.org/viewvc?view=revision&revision=38430
http://www.mandriva.com/security/advisories?name=MDVSA-2011:138
http://www.openwall.com/lists/oss-security/2011/09/13/1
http://www.openwall.com/lists/oss-security/2011/09/14/10
http://www.openwall.com/lists/oss-security/2011/09/14/5
http://www.openwall.com/lists/oss-security/2011/09/14/9
http://www.wireshark.org/security/wnpa-sec-2011-16.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6139
http://bugzilla.redhat.com/show_bug.cgi?id=737783
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14886


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU44786

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-3266

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.4.0 - 1.6.1

External links

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00022.html
http://securityreason.com/securityalert/8351
http://securitytracker.com/id?1025875
http://www.mandriva.com/security/advisories?name=MDVSA-2011:138
http://www.securityfocus.com/archive/1/519049/100/0/threaded
http://www.securityfocus.com/bid/49377
http://www.wireshark.org/security/wnpa-sec-2011-13.html
http://exchange.xforce.ibmcloud.com/vulnerabilities/69411
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15042


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


