CVE - CVE-2011-1959

CVE-ID
CVE-2011-1959	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:44449 URL:http://secunia.com/advisories/44449 MISC:44958 URL:http://secunia.com/advisories/44958 MISC:45149 URL:http://secunia.com/advisories/45149 MISC:48066 URL:http://www.securityfocus.com/bid/48066 MISC:48947 URL:http://secunia.com/advisories/48947 MISC:DSA-2274 URL:http://www.debian.org/security/2011/dsa-2274 MISC:FEDORA-2011-7821 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061290.html MISC:FEDORA-2011-7846 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061437.html MISC:FEDORA-2011-7858 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html MISC:RHSA-2013:0125 URL:http://rhn.redhat.com/errata/RHSA-2013-0125.html MISC:[oss-security] 20110531 CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues URL:http://openwall.com/lists/oss-security/2011/05/31/20 MISC:[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues URL:http://openwall.com/lists/oss-security/2011/06/01/1 MISC:[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues URL:http://openwall.com/lists/oss-security/2011/06/01/11 MISC:http://anonsvn.wireshark.org/viewvc?view=revision&revision=37068 URL:http://anonsvn.wireshark.org/viewvc?view=revision&revision=37068 MISC:http://www.wireshark.org/security/wnpa-sec-2011-07.html URL:http://www.wireshark.org/security/wnpa-sec-2011-07.html MISC:http://www.wireshark.org/security/wnpa-sec-2011-08.html URL:http://www.wireshark.org/security/wnpa-sec-2011-08.html MISC:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5912 URL:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5912 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=710039 URL:https://bugzilla.redhat.com/show_bug.cgi?id=710039 MISC:oval:org.mitre.oval:def:14656 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14656 MISC:wireshark-snoop-dos(67792) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/67792
Assigning CNA
Red Hat, Inc.
Date Record Created
20110509	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110509)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.