#VU45259 Input validation error in Wireshark - CVE-2011-1143

Cybersecurity Help s.r.o.

Published: 2011-03-03 | Updated: 2022-03-24

Vulnerability identifier: #VU45259

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2011-1143

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Wireshark
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Wireshark.org

Description

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Wireshark: 0.99.2 - 0.99.8, 1.0.0 - 1.0.16, 1.2 - 1.2.15, 1.4.0 - 1.4.2

External links
https://anonsvn.wireshark.org/viewvc?view=rev&revision=34018
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
https://secunia.com/advisories/43759
https://secunia.com/advisories/43821
https://secunia.com/advisories/44169
https://secunia.com/advisories/48947
https://www.kb.cert.org/vuls/id/215900
https://www.redhat.com/support/errata/RHSA-2011-0370.html
https://www.securityfocus.com/bid/46796
https://www.securitytracker.com/id?1025148
https://www.vupen.com/english/advisories/2011/0626
https://www.vupen.com/english/advisories/2011/0719
https://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5157
https://hermes.opensuse.org/messages/8086844
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16209

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Amazon Linux AMI update for wireshark

Multiple vulnerabilities in Wireshark