CVE-2011-1140

2011-03-0301:00:00

CWE-399

[email protected]

web.nvd.nist.gov

114

wireshark

vulnerabilities

denial of service

remote attack

smb

cldap

nvd

cve-2011-1140

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.

CPENameOperatorVersion
wireshark:wiresharkwiresharkeq1.0.13
wireshark:wiresharkwiresharkeq1.0.9
wireshark:wiresharkwiresharkeq1.0.1
wireshark:wiresharkwiresharkeq1.0.15
wireshark:wiresharkwiresharkeq1.0
wireshark:wiresharkwiresharkeq1.0.2
wireshark:wiresharkwiresharkeq1.0.4
wireshark:wiresharkwiresharkeq1.0.3
wireshark:wiresharkwiresharkeq1.0.6
wireshark:wiresharkwiresharkeq1.0.10

CPE	Name	Operator	Version
wireshark:wireshark	wireshark	eq	1.0.13
wireshark:wireshark	wireshark	eq	1.0.9
wireshark:wireshark	wireshark	eq	1.0.1
wireshark:wireshark	wireshark	eq	1.0.15
wireshark:wireshark	wireshark	eq	1.0
wireshark:wireshark	wireshark	eq	1.0.2
wireshark:wireshark	wireshark	eq	1.0.4
wireshark:wireshark	wireshark	eq	1.0.3
wireshark:wireshark	wireshark	eq	1.0.6
wireshark:wireshark	wireshark	eq	1.0.10