Published: 03/03/2011 Updated: 19/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 470

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 up to and including 1.2.14, and 1.4.0 up to and including 1.4.3 allow remote malicious users to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 1.0.1
wireshark wireshark 1.0.4
wireshark wireshark 1.0
wireshark wireshark 1.0.3
wireshark wireshark 1.0.13
wireshark wireshark 1.0.11
wireshark wireshark 1.0.10
wireshark wireshark 1.0.2
wireshark wireshark 1.0.5
wireshark wireshark 1.0.7
wireshark wireshark 1.0.14
wireshark wireshark 1.0.0
wireshark wireshark 1.0.6
wireshark wireshark 1.0.12
wireshark wireshark 1.0.9
wireshark wireshark 1.0.8
wireshark wireshark 1.0.15
wireshark wireshark 1.0.16
wireshark wireshark 1.2.2
wireshark wireshark 1.2.3
wireshark wireshark 1.2.10
wireshark wireshark 1.2.11
wireshark wireshark 1.4.3
wireshark wireshark 1.2.0
wireshark wireshark 1.2.1
wireshark wireshark 1.2.8
wireshark wireshark 1.2.9
wireshark wireshark 1.4.1
wireshark wireshark 1.4.2
wireshark wireshark 1.2.4
wireshark wireshark 1.2.5
wireshark wireshark 1.2.12
wireshark wireshark 1.2.13
wireshark wireshark 1.2.6
wireshark wireshark 1.2.7
wireshark wireshark 1.2.14
wireshark wireshark 1.4.0

Huzaifa Sidhpurwala, Joernchen, and Xiaopeng Zhang discovered several vulnerabilities in the Wireshark network traffic analyzer Vulnerabilities in the DCT3, LDAP and SMB dissectors and in the code to parse pcag-ng files could lead to denial of service or the execution of arbitrary code For the oldstable distribution (lenny), this problem has been ...

CWE-399 http://anonsvn.wireshark.org/viewvc?view=rev&revision=36029 http://www.wireshark.org/security/wnpa-sec-2011-04.html http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5717 http://www.wireshark.org/security/wnpa-sec-2011-03.html http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html http://www.vupen.com/english/advisories/2011/0719 http://www.redhat.com/support/errata/RHSA-2011-0370.html http://secunia.com/advisories/43821 http://www.vupen.com/english/advisories/2011/0622 http://www.mandriva.com/security/advisories?name=MDVSA-2011:044 http://www.vupen.com/english/advisories/2011/0747 http://www.redhat.com/support/errata/RHSA-2011-0369.html http://www.securitytracker.com/id?1025148 http://secunia.com/advisories/43795 http://www.debian.org/security/2011/dsa-2201 https://hermes.opensuse.org/messages/8086844 http://secunia.com/advisories/44169 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html http://www.vupen.com/english/advisories/2011/0626 http://secunia.com/advisories/43759 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html http://www.kb.cert.org/vuls/id/215900 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14715 https://nvd.nist.gov https://www.debian.org/security/./dsa-2201

CVE-2011-1140

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect