#VU45360 Buffer overflow in Wireshark - CVE-2011-0538

Cybersecurity Help s.r.o.

Published: 2011-02-09 | Updated: 2020-08-11

Vulnerability identifier: #VU45360

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2011-0538

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Wireshark
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Wireshark.org

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.2.0 - 1.2.14, 1.4.0 - 1.4.3, 1.5.0

External links
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
https://openwall.com/lists/oss-security/2011/02/04/1
https://secunia.com/advisories/43759
https://secunia.com/advisories/43795
https://secunia.com/advisories/43821
https://www.debian.org/security/2011/dsa-2201
https://www.kb.cert.org/vuls/id/215900
https://www.mandriva.com/security/advisories?name=MDVSA-2011:044
https://www.redhat.com/support/errata/RHSA-2011-0369.html
https://www.redhat.com/support/errata/RHSA-2011-0370.html
https://www.securityfocus.com/bid/46167
https://www.securitytracker.com/id?1025148
https://www.vupen.com/english/advisories/2011/0622
https://www.vupen.com/english/advisories/2011/0626
https://www.vupen.com/english/advisories/2011/0719
https://www.vupen.com/english/advisories/2011/0747
https://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html
https://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html
https://www.wireshark.org/security/wnpa-sec-2011-03.html
https://www.wireshark.org/security/wnpa-sec-2011-04.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5652
https://bugzilla.redhat.com/show_bug.cgi?id=676232
https://exchange.xforce.ibmcloud.com/vulnerabilities/65182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14605

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Buffer overflow in Wireshark