Lucene search

K

MitreCVE-2011-3482

HistorySep 20, 2011 - 10:55 a.m.

CVE-2011-3482

2011-09-2010:55:04

CWE-399

mitre

web.nvd.nist.gov

27

wireshark

denial of service

vulnerability

remote attack

packet dissector

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.008

Percentile

82.2%

The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Affected configurations

Nvd

Node

wiresharkwiresharkMatch1.6.0

OR

wiresharkwiresharkMatch1.6.1

VendorProductVersionCPE
wiresharkwireshark1.6.0cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*
wiresharkwireshark1.6.1cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*

References

anonsvn.wireshark.org/viewvc?view=revision&revision=38430

www.mandriva.com/security/advisories?name=MDVSA-2011:138

www.openwall.com/lists/oss-security/2011/09/13/1

www.openwall.com/lists/oss-security/2011/09/14/10

www.openwall.com/lists/oss-security/2011/09/14/5

www.openwall.com/lists/oss-security/2011/09/14/9

www.wireshark.org/security/wnpa-sec-2011-16.html

bugs.wireshark.org/bugzilla/show_bug.cgi?id=6139

bugzilla.redhat.com/show_bug.cgi?id=737783

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14886

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.008

Percentile

82.2%

Related for CVE-2011-3482

cvelist1 ubuntucve1 prion1 debiancve1 nvd1 openvas6 securityvulns2 nessus3 gentoo1