Published: 06/06/2011 Updated: 19/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x prior to 1.2.17 and 1.4.x prior to 1.4.7 does not properly handle certain virtualizable buffers, which allows remote malicious users to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 1.2.11
wireshark wireshark 1.2
wireshark wireshark 1.2.4
wireshark wireshark 1.2.1
wireshark wireshark 1.2.2
wireshark wireshark 1.2.9
wireshark wireshark 1.2.10
wireshark wireshark 1.2.14
wireshark wireshark 1.2.13
wireshark wireshark 1.2.15
wireshark wireshark 1.2.6
wireshark wireshark 1.2.12
wireshark wireshark 1.2.0
wireshark wireshark 1.2.16
wireshark wireshark 1.2.8
wireshark wireshark 1.2.7
wireshark wireshark 1.2.5
wireshark wireshark 1.2.3
wireshark wireshark 1.4.6
wireshark wireshark 1.4.5
wireshark wireshark 1.4.4
wireshark wireshark 1.4.1
wireshark wireshark 1.4.0
wireshark wireshark 1.4.3
wireshark wireshark 1.4.2

Debian Bug report logs - #630159 wireshark: multiple security issues Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Sat, 11 Jun 2011 16:39:01 UTC Severity: grave Tags: secu ...

Synopsis Moderate: wireshark security update Type/Severity Security Advisory: Moderate Topic Updated wireshark packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerab ...

Synopsis Moderate: wireshark security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated wireshark packages that fix several security issues, three bugs,and add one enhancement are now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated ...

CWE-119 http://www.wireshark.org/security/wnpa-sec-2011-08.html http://openwall.com/lists/oss-security/2011/06/01/1 https://bugzilla.redhat.com/show_bug.cgi?id=710039 http://openwall.com/lists/oss-security/2011/05/31/20 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5912 http://anonsvn.wireshark.org/viewvc?view=revision&revision=37068 http://www.wireshark.org/security/wnpa-sec-2011-07.html http://openwall.com/lists/oss-security/2011/06/01/11 http://secunia.com/advisories/44449 http://www.securityfocus.com/bid/48066 http://secunia.com/advisories/45149 http://secunia.com/advisories/44958 http://www.debian.org/security/2011/dsa-2274 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061290.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061437.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html http://secunia.com/advisories/48947 http://rhn.redhat.com/errata/RHSA-2013-0125.html https://exchange.xforce.ibmcloud.com/vulnerabilities/67792 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14656 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630159 https://nvd.nist.gov

CVE-2011-1959

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect