An uninitialized variable in the CSN.1 dissector in Wireshark 1.6.0 through 1.6.2 could cause Wireshark to crash by reading a malformed packet trace file or if someone were to inject a malformed packet onto the the wire. This is corrected in wireshark 1.6.3. References: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351 http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140 External References: http://www.wireshark.org/security/wnpa-sec-2011-17.html
Created wireshark tracking bugs for this issue Affects: fedora-16 [bug 750652]
This was assigned the name CVE-2011-4100: http://www.openwall.com/lists/oss-security/2011/11/01/9
Statement: Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5 and 6, as they did not include support for the CSN.1 dissector.