Bug 737783 (CVE-2011-3482) - CVE-2011-3482 Wireshark: CSN.1 dissector vulnerability
Summary: CVE-2011-3482 Wireshark: CSN.1 dissector vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-3482
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 737788
TreeView+ depends on / blocked
 
Reported: 2011-09-13 04:59 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-24 14:44 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-13 05:06:38 UTC
Embargoed:

Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2011-09-13 04:59:20 UTC 
An uninitialized variable flaw was found in the CSN.1 dissector of wireshark. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
This affects versions 1.6.0 to 1.6.1 and has been fixed in version 1.6.2

Reference:
http://www.wireshark.org/security/wnpa-sec-2011-16.html

This issue affects the versions of wireshark shipped with Fedora-14, Fedora-15 and the upcoming Fedora-16 and has been fixed via the following security advisories:

https://admin.fedoraproject.org/updates/FEDORA-2011-12423
https://admin.fedoraproject.org/updates/FEDORA-2011-12403
https://admin.fedoraproject.org/updates/FEDORA-2011-12399
Comment 1 Huzaifa S. Sidhpurwala 2011-09-13 05:00:12 UTC 
Statement:

Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Comment 2 Vincent Danen 2011-09-14 21:58:24 UTC 
This issue was assigned the name CVE-2011-3482.
Note You need to log in before you can comment on or make changes to this bug.