Bug 737785 (CVE-2011-3483) - CVE-2011-3483 Wireshark: buffer exception handling vulnerability
Summary: CVE-2011-3483 Wireshark: buffer exception handling vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-3483
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20110907,reported=2...
Depends On:
Blocks: 737788
TreeView+ depends on / blocked
 
Reported: 2011-09-13 05:10 UTC by Huzaifa S. Sidhpurwala
Modified: 2019-06-08 18:54 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-13 05:11:57 UTC


Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2011-09-13 05:10:27 UTC
A buffer exception handling vulnerability was found in wireshark. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This affects versions 1.6.0 to 1.6.1 and has been fixed in version 1.6.2

Reference:
http://www.wireshark.org/security/wnpa-sec-2011-14.html

This issue affects the versions of wireshark shipped with Fedora-14, Fedora-15
and the upcoming Fedora-16 and has been fixed via the following security
advisories:

https://admin.fedoraproject.org/updates/FEDORA-2011-12423
https://admin.fedoraproject.org/updates/FEDORA-2011-12403
https://admin.fedoraproject.org/updates/FEDORA-2011-12399

Comment 1 Huzaifa S. Sidhpurwala 2011-09-13 05:11:57 UTC
Statement:

Not vulnerable. This issue did not affect the versions of wireshark as shipped
with Red Hat Enterprise Linux 4, 5, or 6.

Comment 2 Vincent Danen 2011-09-14 21:59:12 UTC
This issue was assigned the name CVE-2011-3483.


Note You need to log in before you can comment on or make changes to this bug.