ID CVE-2011-2698 Type cve Reporter NVD Modified 2017-09-18T21:33:05
Description
Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.
{"id": "CVE-2011-2698", "bulletinFamily": "NVD", "title": "CVE-2011-2698", "description": "Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.", "published": "2011-08-23T17:55:01", "modified": "2017-09-18T21:33:05", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2698", "reporter": "NVD", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=723215", "http://www.wireshark.org/security/wnpa-sec-2011-10.html", "http://rhn.redhat.com/errata/RHSA-2013-0125.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html", "http://www.openwall.com/lists/oss-security/2011/07/19/5", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html", "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930", "http://www.openwall.com/lists/oss-security/2011/07/20/2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/69074", "http://www.wireshark.org/security/wnpa-sec-2011-11.html", "http://www.securityfocus.com/bid/49071", "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044"], "cvelist": ["CVE-2011-2698"], "type": "cve", "lastseen": "2017-09-19T13:37:38", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14610", "name": "oval:org.mitre.oval:def:14610", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:wireshark:wireshark:1.4.0", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.4.5", "cpe:/a:wireshark:wireshark:1.6.0", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.4.6", "cpe:/a:wireshark:wireshark:1.4.7", "cpe:/a:wireshark:wireshark:1.4.1"], "cvelist": ["CVE-2011-2698"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.", "edition": 2, "enchantments": {}, "hash": "dfcabd0717238df3484778d3c10237711270b156348672355cbf89b11023e9cf", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "05f522ec506d4dadb3727ffbcab48dcd", "key": "published"}, {"hash": "4587ed4b0cd48a8dc74d348306c1408d", "key": "href"}, {"hash": "2a249b2fb2161b22c6cc124ec2142fa7", "key": "references"}, {"hash": "4e1f91d721a2dab811e6e46ca47341f4", "key": "description"}, {"hash": "e70ed5d4da24b600d64c7086763fe575", "key": "cvelist"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "3a204eed53079319c10f52ec00124027", "key": "assessment"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "55ef69ce537b87c6e1a4847547d929cb", "key": "cpe"}, {"hash": "584e473cf5fd4e0b20e03d8285d2041d", "key": "title"}, {"hash": "7ef99e1d33c431567b93ed7bead5d16d", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2698", "id": "CVE-2011-2698", "lastseen": "2017-08-29T11:19:30", "modified": "2017-08-28T21:29:31", "objectVersion": "1.3", "published": "2011-08-23T17:55:01", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=723215", "http://www.wireshark.org/security/wnpa-sec-2011-10.html", "http://rhn.redhat.com/errata/RHSA-2013-0125.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html", "http://www.openwall.com/lists/oss-security/2011/07/19/5", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html", "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930", "http://www.openwall.com/lists/oss-security/2011/07/20/2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/69074", "http://www.wireshark.org/security/wnpa-sec-2011-11.html", "http://www.securityfocus.com/bid/49071", "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044"], "reporter": "NVD", "scanner": [], "title": "CVE-2011-2698", "type": "cve", "viewCount": 1}, "differentElements": ["assessment", "modified"], "edition": 2, "lastseen": "2017-08-29T11:19:30"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14610", "name": "oval:org.mitre.oval:def:14610", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:wireshark:wireshark:1.4.0", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.4.5", "cpe:/a:wireshark:wireshark:1.6.0", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.4.6", "cpe:/a:wireshark:wireshark:1.4.7", "cpe:/a:wireshark:wireshark:1.4.1"], "cvelist": ["CVE-2011-2698"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.", "edition": 1, "enchantments": {}, "hash": "a02b5ea8548a6edfa95ba2e599eb9e40bdff7d1a2c6b88f2ed686637ae28b49f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "05f522ec506d4dadb3727ffbcab48dcd", "key": "published"}, {"hash": "da66951b74d4d6b88eee9cbe4db2eb42", "key": "references"}, {"hash": "7769e516ee8a1dc404b8265921086629", "key": "modified"}, {"hash": "4587ed4b0cd48a8dc74d348306c1408d", "key": "href"}, {"hash": "4e1f91d721a2dab811e6e46ca47341f4", "key": "description"}, {"hash": "e70ed5d4da24b600d64c7086763fe575", "key": "cvelist"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "3a204eed53079319c10f52ec00124027", "key": "assessment"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "55ef69ce537b87c6e1a4847547d929cb", "key": "cpe"}, {"hash": "584e473cf5fd4e0b20e03d8285d2041d", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2698", "id": "CVE-2011-2698", "lastseen": "2016-09-03T15:30:37", "modified": "2013-02-06T23:45:41", "objectVersion": "1.2", "published": "2011-08-23T17:55:01", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=723215", "http://www.wireshark.org/security/wnpa-sec-2011-10.html", "http://xforce.iss.net/xforce/xfdb/69074", "http://rhn.redhat.com/errata/RHSA-2013-0125.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html", "http://www.openwall.com/lists/oss-security/2011/07/19/5", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html", "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930", "http://www.openwall.com/lists/oss-security/2011/07/20/2", "http://www.wireshark.org/security/wnpa-sec-2011-11.html", "http://www.securityfocus.com/bid/49071", "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044"], "reporter": "NVD", "scanner": [], "title": "CVE-2011-2698", "type": "cve", "viewCount": 1}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T15:30:37"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "38d552cc07af8a12388cb386f5b025ad"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "55ef69ce537b87c6e1a4847547d929cb"}, {"key": "cvelist", "hash": "e70ed5d4da24b600d64c7086763fe575"}, {"key": "cvss", "hash": "3873c836ae45fd496c2b40bae50467ed"}, {"key": "description", "hash": "4e1f91d721a2dab811e6e46ca47341f4"}, {"key": "href", "hash": "4587ed4b0cd48a8dc74d348306c1408d"}, {"key": "modified", "hash": "44d5c06438bf9a426d3e91466aec9985"}, {"key": "published", "hash": "05f522ec506d4dadb3727ffbcab48dcd"}, {"key": "references", "hash": "2a249b2fb2161b22c6cc124ec2142fa7"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "584e473cf5fd4e0b20e03d8285d2041d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "4b59d542157f0b058a58cd01c8a78c4fd9e950c4963db9c55a0a5e11905a3bb6", "viewCount": 1, "enchantments": {"vulnersScore": 3.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:wireshark:wireshark:1.4.0", "cpe:/a:wireshark:wireshark:1.4.4", "cpe:/a:wireshark:wireshark:1.4.2", "cpe:/a:wireshark:wireshark:1.4.5", "cpe:/a:wireshark:wireshark:1.6.0", "cpe:/a:wireshark:wireshark:1.4.3", "cpe:/a:wireshark:wireshark:1.4.6", "cpe:/a:wireshark:wireshark:1.4.7", "cpe:/a:wireshark:wireshark:1.4.1"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14610", "name": "oval:org.mitre.oval:def:14610", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": []}
{"result": {"openvas": [{"id": "OPENVAS:1361412562310802766", "type": "openvas", "title": "Wireshark ANSI A MAP Files Denial of Service Vulnerability (Mac OS X)", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "published": "2012-05-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802766", "cvelist": ["CVE-2011-2698"], "lastseen": "2018-04-06T11:19:50"}, {"id": "OPENVAS:1361412562310902721", "type": "openvas", "title": "Wireshark ANSI A MAP Files Denial of Service Vulnerability (Windows)", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "published": "2011-08-26T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902721", "cvelist": ["CVE-2011-2698"], "lastseen": "2018-04-06T11:36:59"}, {"id": "OPENVAS:802766", "type": "openvas", "title": "Wireshark ANSI A MAP Files Denial of Service Vulnerability (Mac OS X)", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "published": "2012-05-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=802766", "cvelist": ["CVE-2011-2698"], "lastseen": "2017-07-02T21:10:51"}, {"id": "OPENVAS:902721", "type": "openvas", "title": "Wireshark ANSI A MAP Files Denial of Service Vulnerability (Windows)", "description": "This host is installed with Wireshark and is prone to denial of\n service vulnerability.", "published": "2011-08-26T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=902721", "cvelist": ["CVE-2011-2698"], "lastseen": "2017-09-04T14:20:17"}, {"id": "OPENVAS:863405", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-9638", "description": "Check for the Version of wireshark", "published": "2011-08-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=863405", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "lastseen": "2017-07-25T10:55:46"}, {"id": "OPENVAS:1361412562310863405", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-9638", "description": "Check for the Version of wireshark", "published": "2011-08-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863405", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "lastseen": "2018-04-09T11:37:31"}, {"id": "OPENVAS:863402", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-9640", "description": "Check for the Version of wireshark", "published": "2011-08-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=863402", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "lastseen": "2017-07-25T10:55:27"}, {"id": "OPENVAS:1361412562310863402", "type": "openvas", "title": "Fedora Update for wireshark FEDORA-2011-9640", "description": "Check for the Version of wireshark", "published": "2011-08-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863402", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "lastseen": "2018-04-09T11:35:53"}, {"id": "OPENVAS:870879", "type": "openvas", "title": "RedHat Update for wireshark RHSA-2013:0125-01", "description": "Check for the Version of wireshark", "published": "2013-01-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870879", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "lastseen": "2018-01-19T15:09:36"}, {"id": "OPENVAS:1361412562310881567", "type": "openvas", "title": "CentOS Update for wireshark CESA-2013:0125 centos5 ", "description": "Check for the Version of wireshark", "published": "2013-01-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881567", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "lastseen": "2018-04-09T11:22:19"}], "nessus": [{"id": "FEDORA_2011-9640.NASL", "type": "nessus", "title": "Fedora 14 : wireshark-1.4.8-1.fc14 (2011-9640)", "description": "Wireshark 1.4.8 fixes the following vulnerabilities :\n\nThe Lucent/Ascend file parser was susceptible to an infinite loop.\nCVE-2011-2597. The ANSI MAP dissector was susceptible to an infinite loop. CVE-2011-2698.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-08-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=55808", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "lastseen": "2017-10-29T13:33:19"}, {"id": "WIRESHARK_1_2_18.NASL", "type": "nessus", "title": "Wireshark < 1.2.18 / 1.4.8 / 1.6.1 Multiple Denial of Service Vulnerabilities", "description": "The installed version of Wireshark is earlier than 1.2.18 / 1.4.8 / 1.6.1 and thus is potentially affected by multiple denial of service vulnerabilities:\n\n - An error in the Lucent / Ascend file parser can be exploited by specially crafted packets to cause high CPU usage. (CVE-2011-2597)\n\n - An error in the 'elem_cell_id_list' function of the ANSI MAP dissector can be exploited by a specially crafted MAP packet to cause a denial of service condition. (Issue #6044)", "published": "2011-07-05T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=55510", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "lastseen": "2017-10-29T13:45:04"}, {"id": "FEDORA_2011-9638.NASL", "type": "nessus", "title": "Fedora 15 : wireshark-1.4.8-1.fc15 (2011-9638)", "description": "Wireshark 1.4.8 fixes the following vulnerabilities :\n\nThe Lucent/Ascend file parser was susceptible to an infinite loop.\nCVE-2011-2597. The ANSI MAP dissector was susceptible to an infinite loop. CVE-2011-2698.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-08-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=55807", "cvelist": ["CVE-2011-2597", "CVE-2011-2698"], "lastseen": "2017-10-29T13:38:46"}, {"id": "ORACLELINUX_ELSA-2013-0125.NASL", "type": "nessus", "title": "Oracle Linux 5 : wireshark (ELSA-2013-0125)", "description": "From Red Hat Security Advisory 2013:0125 :\n\nUpdated wireshark packages that fix several security issues, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\nThis update also fixes the following bugs :\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The 'Invalid capture filter' message was displayed. With this update, parsing of link-local IPv6 addresses is fixed and Wireshark correctly prepares a capture filter to omit SSH packets over a link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when they were selected. With this update, the dialog is fixed and no longer breaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze the exit code of Dumpcap, Wireshark's packet capturing back end. As a result, TShark returned exit code 0 when Dumpcap failed to parse its command-line arguments. In this update, TShark correctly propagates the Dumpcap exit code and returns a non-zero exit code when Dumpcap fails. (BZ#580510)\n\n* Previously, the TShark '-s' (snapshot length) option worked only for a value greater than 68 bytes. If a lower value was specified, TShark captured just 68 bytes of incoming packets. With this update, the '-s' option is fixed and sizes lower than 68 bytes work as expected.\n(BZ#580513)\n\nThis update also adds the following enhancement :\n\n* In this update, support for the 'NetDump' protocol was added.\n(BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. All running instances of Wireshark must be restarted for the update to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68696", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "lastseen": "2017-10-29T13:41:11"}, {"id": "SUSE_11_4_WIRESHARK-111013.NASL", "type": "nessus", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)", "description": "This update of wireshark fixes the following vulnerabilities :\n\n - CVE-2011-3266: Wireshark IKE dissector vulnerability\n\n - CVE-2011-3360: Wireshark Lua script execution vulnerability\n\n - CVE-2011-3483: Wireshark buffer exception handling vulnerability\n\n - CVE-2011-2597: Lucent/Ascend file parser susceptible to infinite loop\n\n - CVE-2011-2698: ANSI MAP dissector susceptible to infinite loop\n\n - CVE-2011-1957: Large/infinite loop in the DICOM dissector\n\n - CVE-2011-1959: A corrupted snoop file could crash Wireshark\n\n - CVE-2011-2174: Malformed compressed capture data could crash Wireshark\n\n - CVE-2011-2175: A corrupted Visual Networks file could crash Wireshark\n\n - CVE-2011-1958: dereferene a NULL pointer if we had a corrupted Diameter dictionary", "published": "2014-06-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76045", "cvelist": ["CVE-2011-2174", "CVE-2011-2175", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3483", "CVE-2011-1957", "CVE-2011-3266", "CVE-2011-1958"], "lastseen": "2017-10-29T13:43:57"}, {"id": "SUSE_WIRESHARK-7795.NASL", "type": "nessus", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7795)", "description": "This update of wireshark fixes the following vulnerabilities :\n\n - Wireshark IKE dissector vulnerability. (CVE-2011-3266)\n\n - Wireshark Lua script execution vulnerability.\n (CVE-2011-3360)\n\n - Wireshark buffer exception handling vulnerability.\n (CVE-2011-3483)\n\n - Lucent/Ascend file parser susceptible to infinite loop.\n (CVE-2011-2597)\n\n - ANSI MAP dissector susceptible to infinite loop.\n (CVE-2011-2698)\n\n - Large/infinite loop in the DICOM dissector.\n (CVE-2011-1957)\n\n - A corrupted snoop file could crash Wireshark.\n (CVE-2011-1959)\n\n - Malformed compressed capture data could crash Wireshark.\n (CVE-2011-2174)\n\n - A corrupted Visual Networks file could crash Wireshark.\n (CVE-2011-2175)\n\n - dereferene a NULL pointer if we had a corrupted Diameter dictionary. (CVE-2011-1958)", "published": "2011-10-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56617", "cvelist": ["CVE-2011-2174", "CVE-2011-2175", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3483", "CVE-2011-1957", "CVE-2011-3266", "CVE-2011-1958"], "lastseen": "2017-10-29T13:40:34"}, {"id": "SUSE_11_3_WIRESHARK-111013.NASL", "type": "nessus", "title": "openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)", "description": "This update of wireshark fixes the following vulnerabilities :\n\n - CVE-2011-3266: Wireshark IKE dissector vulnerability\n\n - CVE-2011-3360: Wireshark Lua script execution vulnerability\n\n - CVE-2011-3483: Wireshark buffer exception handling vulnerability \n\n - CVE-2011-2597: Lucent/Ascend file parser susceptible to infinite loop\n\n - CVE-2011-2698: ANSI MAP dissector susceptible to infinite loop \n\n - CVE-2011-1957: Large/infinite loop in the DICOM dissector\n\n - CVE-2011-1959: A corrupted snoop file could crash Wireshark\n\n - CVE-2011-2174: Malformed compressed capture data could crash Wireshark\n\n - CVE-2011-2175: A corrupted Visual Networks file could crash Wireshark\n\n - CVE-2011-1958: dereferene a NULL pointer if we had a corrupted Diameter dictionary", "published": "2014-06-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75774", "cvelist": ["CVE-2011-2174", "CVE-2011-2175", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3483", "CVE-2011-1957", "CVE-2011-3266", "CVE-2011-1958"], "lastseen": "2017-10-29T13:42:24"}, {"id": "SUSE_WIRESHARK-7796.NASL", "type": "nessus", "title": "SuSE 10 Security Update : wireshark (ZYPP Patch Number 7796)", "description": "This update of wireshark fixes the following vulnerabilities :\n\n - Wireshark IKE dissector vulnerability. (CVE-2011-3266)\n\n - Wireshark Lua script execution vulnerability.\n (CVE-2011-3360)\n\n - Wireshark buffer exception handling vulnerability.\n (CVE-2011-3483)\n\n - Lucent/Ascend file parser susceptible to infinite loop.\n (CVE-2011-2597)\n\n - ANSI MAP dissector susceptible to infinite loop.\n (CVE-2011-2698)\n\n - Large/infinite loop in the DICOM dissector.\n (CVE-2011-1957)\n\n - A corrupted snoop file could crash Wireshark.\n (CVE-2011-1959)\n\n - Malformed compressed capture data could crash Wireshark.\n (CVE-2011-2174)\n\n - A corrupted Visual Networks file could crash Wireshark.\n (CVE-2011-2175)\n\n - dereferene a NULL pointer if we had a corrupted Diameter dictionary. (CVE-2011-1958)", "published": "2011-12-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57263", "cvelist": ["CVE-2011-2174", "CVE-2011-2175", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-3483", "CVE-2011-1957", "CVE-2011-3266", "CVE-2011-1958"], "lastseen": "2017-10-29T13:39:36"}, {"id": "SL_20130108_WIRESHARK_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : wireshark on SL5.x i386/x86_64", "description": "A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially- crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThis update also fixes the following bugs :\n\n - When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The 'Invalid capture filter' message was displayed. With this update, parsing of link-local IPv6 addresses is fixed and Wireshark correctly prepares a capture filter to omit SSH packets over a link-local IPv6 connection.\n\n - Previously, Wireshark's column editing dialog malformed column names when they were selected. With this update, the dialog is fixed and no longer breaks column names.\n\n - Previously, TShark, the console packet analyzer, did not properly analyze the exit code of Dumpcap, Wireshark's packet capturing back end. As a result, TShark returned exit code 0 when Dumpcap failed to parse its command-line arguments. In this update, TShark correctly propagates the Dumpcap exit code and returns a non-zero exit code when Dumpcap fails.\n\n - Previously, the TShark '-s' (snapshot length) option worked only for a value greater than 68 bytes. If a lower value was specified, TShark captured just 68 bytes of incoming packets. With this update, the '-s' option is fixed and sizes lower than 68 bytes work as expected.\n\nThis update also adds the following enhancement :\n\n - In this update, support for the 'NetDump' protocol was added.\n\nAll running instances of Wireshark must be restarted for the update to take effect.", "published": "2013-01-17T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63606", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "lastseen": "2017-10-29T13:40:54"}, {"id": "REDHAT-RHSA-2013-0125.NASL", "type": "nessus", "title": "RHEL 5 : wireshark (RHSA-2013:0125)", "description": "Updated wireshark packages that fix several security issues, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nWireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a specially crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.\n(CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.\n\nThis update also fixes the following bugs :\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH connection, it automatically prepares its capture filter to omit the SSH packets. If the SSH connection was to a link-local IPv6 address including an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed this address erroneously, constructed an incorrect capture filter and refused to capture packets. The 'Invalid capture filter' message was displayed. With this update, parsing of link-local IPv6 addresses is fixed and Wireshark correctly prepares a capture filter to omit SSH packets over a link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when they were selected. With this update, the dialog is fixed and no longer breaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze the exit code of Dumpcap, Wireshark's packet capturing back end. As a result, TShark returned exit code 0 when Dumpcap failed to parse its command-line arguments. In this update, TShark correctly propagates the Dumpcap exit code and returns a non-zero exit code when Dumpcap fails. (BZ#580510)\n\n* Previously, the TShark '-s' (snapshot length) option worked only for a value greater than 68 bytes. If a lower value was specified, TShark captured just 68 bytes of incoming packets. With this update, the '-s' option is fixed and sizes lower than 68 bytes work as expected.\n(BZ#580513)\n\nThis update also adds the following enhancement :\n\n* In this update, support for the 'NetDump' protocol was added.\n(BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. All running instances of Wireshark must be restarted for the update to take effect.", "published": "2013-01-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63408", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "lastseen": "2017-10-29T13:36:43"}], "oraclelinux": [{"id": "ELSA-2013-0125", "type": "oraclelinux", "title": "wireshark security, bug fix, and enhancement update", "description": "[1.0.15-5.0.1.el5]\r\n- Added oracle-ocfs2-network.patch\r\n- increase max packet size to 65536 (Herbert van den Bergh) [orabug 13542633]\r\n \n[1.0.15-5]\r\n- fixed CVE-2012-4285, CVE-2012-4289, CVE-2012-4291 and CVE-2012-4290\r\n (#849521)\r\n \n[1.0.15-4]\r\n- fixed NetDump dissector (#484999)\r\n \n[1.0.15-3]\r\n- fixed various flaws: CVE-2011-1959 CVE-2011-2175 CVE-2011-1958\r\n CVE-2011-2698 CVE-2011-4102 CVE-2012-0041 CVE-2012-0042 CVE-2012-0066\r\n CVE-2012-0067\r\n \n[1.0.15-2]\r\n- fixed tshark -s option (#580513)\r\n- fixed tshark exit code when dumpcap fails (#580510)\r\n- fixed editing of columns in Wireshark preferences (#493693)\r\n- added netdump protocol dissector (#484999)\r\n- fixed tshark / Wireshark automatic filter when started in ssh connection\r\n over IPv6 (#438473)", "published": "2013-01-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0125.html", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "lastseen": "2016-09-04T11:16:17"}, {"id": "ELSA-2012-0509", "type": "oraclelinux", "title": "wireshark security update", "description": "[1.2.15-2.0.1.el6_2.1]\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\n[1.2.15-2.1]\n- security patches\n- Resolves: CVE-2011-1143\n CVE-2011-1590\n CVE-2011-1957\n CVE-2011-1959\n CVE-2011-2174\n CVE-2011-2175 CVE-2011-1958\n CVE-2011-2597 CVE-2011-2698\n CVE-2011-4102\n CVE-2012-0041 CVE-2012-0066 CVE-2012-0067\n CVE-2012-0042\n CVE-2012-1595", "published": "2012-04-23T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-0509.html", "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "lastseen": "2016-09-04T11:17:15"}, {"id": "ELSA-2013-1569", "type": "oraclelinux", "title": "wireshark security, bug fix, and enhancement update", "description": "[1.8.10-4.0.1.el6]\r\n- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect\r\n \n[1.8.10-4]\r\n- fix memory leak when reassemblying a packet\r\n- Related: #711024\r\n \n[1.8.10-3]\r\n- fix config.h conflict\r\n- Related: #711024\r\n \n[1.8.10-2]\r\n- do not configure with setcap-install\r\n- Related: #711024\r\n \n[1.8.10-1]\r\n- upgrade to 1.8.10\r\n- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html\r\n- Related: #711024\r\n \n[1.8.8-10]\r\n- fix consolehelper path for dumpcap\r\n- Related: #711024\r\n \n[1.8.8-9]\r\n- fix dumpcap group\r\n- Related: #711024\r\n \n[1.8.8-8]\r\n- fix tshark output streams and formatting for -L, -D\r\n- Resolves: #1004636\r\n \n[1.8.8-7]\r\n- fix double free in wiretap/netmon.c\r\n- Related: #711024\r\n \n[1.8.8-6]\r\n- security patches\r\n- Resolves: CVE-2013-4927\r\n CVE-2013-4931\r\n CVE-2013-4932\r\n CVE-2013-4933\r\n CVE-2013-4934\r\n CVE-2013-4935\r\n CVE-2013-3557\r\n \n[1.8.8-5]\r\n- fix desktop file\r\n- Related: #711024\r\n \n[1.8.8-4]\r\n- fix tap-iostat buffer overflow\r\n- fix dcom string overrun\r\n- fix sctp bytes graph crash\r\n- fix airpcap dialog crash\r\n- Related: #711024\r\n \n[1.8.8-3]\r\n- fix dumpcap privileges to 755\r\n- Related: #711024\r\n \n[1.8.8-2]\r\n- new sources\r\n- Related: #711024\r\n \n[1.8.8-1]\r\n- upgrade to 1.8.8\r\n- see http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html\r\n- Resolves: #711024\r\n- Resolves: #858976\r\n- Resolves: #699636\r\n- Resolves: #750712\r\n- Resolves: #832021\r\n- Resolves: #889346\r\n- Resolves: #659661\r\n- Resolves: #715560\r\n \n[1.2.15-3]\r\n- security patches\r\n- Resolves: CVE-2011-1143\r\n CVE-2011-1590\r\n CVE-2011-1957\r\n CVE-2011-1959\r\n CVE-2011-2174\r\n CVE-2011-2175 CVE-2011-1958\r\n CVE-2011-2597 CVE-2011-2698\r\n CVE-2011-4102\r\n CVE-2012-0041 CVE-2012-0066 CVE-2012-0067\r\n CVE-2012-0042\r\n CVE-2012-1595", "published": "2013-11-25T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-1569.html", "cvelist": ["CVE-2012-5598", "CVE-2013-3561", "CVE-2011-2174", "CVE-2012-0066", "CVE-2013-4931", "CVE-2012-5595", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2013-4933", "CVE-2012-4288", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-4292", "CVE-2013-4927", "CVE-2012-5599", "CVE-2013-3559", "CVE-2012-6060", "CVE-2013-4932", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-2392", "CVE-2012-6056", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2012-4290", "CVE-2011-1143", "CVE-2012-5600", "CVE-2013-4083", "CVE-2012-6061", "CVE-2012-4285", "CVE-2013-4936", "CVE-2012-6062", "CVE-2013-4935", "CVE-2013-4081", "CVE-2013-3557", "CVE-2012-6059", "CVE-2011-1958", "CVE-2013-4934", "CVE-2012-5597", "CVE-2013-5721", "CVE-2012-3825"], "lastseen": "2016-09-04T11:16:56"}], "redhat": [{"id": "RHSA-2013:0125", "type": "redhat", "title": "(RHSA-2013:0125) Moderate: wireshark security, bug fix, and enhancement update", "description": "Wireshark, previously known as Ethereal, is a network protocol analyzer. It\nis used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled\nEndace ERF (Extensible Record Format) capture files. If Wireshark opened a\nspecially-crafted ERF capture file, it could crash or, possibly, execute\narbitrary code as the user running Wireshark. (CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,\nCVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,\nCVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues\nwere discovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nThis update also fixes the following bugs:\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH\nconnection, it automatically prepares its capture filter to omit the SSH\npackets. If the SSH connection was to a link-local IPv6 address including\nan interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed\nthis address erroneously, constructed an incorrect capture filter and\nrefused to capture packets. The \"Invalid capture filter\" message was\ndisplayed. With this update, parsing of link-local IPv6 addresses is fixed\nand Wireshark correctly prepares a capture filter to omit SSH packets over\na link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when\nthey were selected. With this update, the dialog is fixed and no longer\nbreaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze\nthe exit code of Dumpcap, Wireshark's packet capturing back end. As a\nresult, TShark returned exit code 0 when Dumpcap failed to parse its\ncommand-line arguments. In this update, TShark correctly propagates the\nDumpcap exit code and returns a non-zero exit code when Dumpcap fails.\n(BZ#580510)\n\n* Previously, the TShark \"-s\" (snapshot length) option worked only for a\nvalue greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the \"-s\"\noption is fixed and sizes lower than 68 bytes work as expected. (BZ#580513)\n\nThis update also adds the following enhancement:\n\n* In this update, support for the \"NetDump\" protocol was added. (BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement. All running instances of Wireshark must be restarted for the\nupdate to take effect.\n", "published": "2013-01-08T05:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0125", "cvelist": ["CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2175", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-4285", "CVE-2012-4289", "CVE-2012-4290", "CVE-2012-4291"], "lastseen": "2017-09-09T07:20:07"}, {"id": "RHSA-2012:0509", "type": "redhat", "title": "(RHSA-2012:0509) Moderate: wireshark security update", "description": "Wireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet\noff a network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2011-1590,\nCVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n", "published": "2012-04-23T04:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2012:0509", "cvelist": ["CVE-2011-1143", "CVE-2011-1590", "CVE-2011-1957", "CVE-2011-1958", "CVE-2011-1959", "CVE-2011-2174", "CVE-2011-2175", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-4102", "CVE-2012-0041", "CVE-2012-0042", "CVE-2012-0066", "CVE-2012-0067", "CVE-2012-1595"], "lastseen": "2017-12-25T20:06:22"}], "centos": [{"id": "CESA-2013:0125", "type": "centos", "title": "wireshark security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0125\n\n\nWireshark, previously known as Ethereal, is a network protocol analyzer. It\nis used to capture and browse the traffic running on a computer network.\n\nA heap-based buffer overflow flaw was found in the way Wireshark handled\nEndace ERF (Extensible Record Format) capture files. If Wireshark opened a\nspecially-crafted ERF capture file, it could crash or, possibly, execute\narbitrary code as the user running Wireshark. (CVE-2011-4102)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,\nCVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,\nCVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)\n\nThe CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues\nwere discovered by Huzaifa Sidhpurwala of the Red Hat Security Response\nTeam.\n\nThis update also fixes the following bugs:\n\n* When Wireshark starts with the X11 protocol being tunneled through an SSH\nconnection, it automatically prepares its capture filter to omit the SSH\npackets. If the SSH connection was to a link-local IPv6 address including\nan interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed\nthis address erroneously, constructed an incorrect capture filter and\nrefused to capture packets. The \"Invalid capture filter\" message was\ndisplayed. With this update, parsing of link-local IPv6 addresses is fixed\nand Wireshark correctly prepares a capture filter to omit SSH packets over\na link-local IPv6 connection. (BZ#438473)\n\n* Previously, Wireshark's column editing dialog malformed column names when\nthey were selected. With this update, the dialog is fixed and no longer\nbreaks column names. (BZ#493693)\n\n* Previously, TShark, the console packet analyzer, did not properly analyze\nthe exit code of Dumpcap, Wireshark's packet capturing back end. As a\nresult, TShark returned exit code 0 when Dumpcap failed to parse its\ncommand-line arguments. In this update, TShark correctly propagates the\nDumpcap exit code and returns a non-zero exit code when Dumpcap fails.\n(BZ#580510)\n\n* Previously, the TShark \"-s\" (snapshot length) option worked only for a\nvalue greater than 68 bytes. If a lower value was specified, TShark\ncaptured just 68 bytes of incoming packets. With this update, the \"-s\"\noption is fixed and sizes lower than 68 bytes work as expected. (BZ#580513)\n\nThis update also adds the following enhancement:\n\n* In this update, support for the \"NetDump\" protocol was added. (BZ#484999)\n\nAll users of Wireshark are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement. All running instances of Wireshark must be restarted for the\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/019123.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/000457.html\n\n**Affected packages:**\nwireshark\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0125.html", "published": "2013-01-09T19:42:29", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-January/019123.html", "cvelist": ["CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1959", "CVE-2011-2698", "CVE-2012-4289", "CVE-2012-4291", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2012-4290", "CVE-2012-4285", "CVE-2011-1958"], "lastseen": "2018-03-09T11:46:07"}, {"id": "CESA-2012:0509", "type": "centos", "title": "wireshark security update", "description": "**CentOS Errata and Security Advisory** CESA-2012:0509\n\n\nWireshark is a program for monitoring network traffic. Wireshark was\npreviously known as Ethereal.\n\nSeveral flaws were found in Wireshark. If Wireshark read a malformed packet\noff a network or opened a malicious dump file, it could crash or, possibly,\nexecute arbitrary code as the user running Wireshark. (CVE-2011-1590,\nCVE-2011-4102, CVE-2012-1595)\n\nSeveral denial of service flaws were found in Wireshark. Wireshark could\ncrash or stop responding if it read a malformed packet off a network, or\nopened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,\nCVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,\nCVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)\n\nUsers of Wireshark should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running instances of\nWireshark must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/018591.html\n\n**Affected packages:**\nwireshark\nwireshark-devel\nwireshark-gnome\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0509.html", "published": "2012-04-24T10:27:48", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/018591.html", "cvelist": ["CVE-2011-2174", "CVE-2012-0066", "CVE-2011-2175", "CVE-2011-4102", "CVE-2011-1590", "CVE-2011-1959", "CVE-2011-2597", "CVE-2012-1595", "CVE-2011-2698", "CVE-2012-0042", "CVE-2012-0041", "CVE-2012-0067", "CVE-2011-1957", "CVE-2011-1143", "CVE-2011-1958"], "lastseen": "2017-10-03T18:26:56"}], "gentoo": [{"id": "GLSA-201110-02", "type": "gentoo", "title": "Wireshark: Multiple vulnerabilities", "description": "### Background\n\nWireshark is a versatile network protocol analyzer.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Wireshark users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/wireshark-1.4.9\"", "published": "2011-10-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201110-02", "cvelist": ["CVE-2011-0024", "CVE-2010-2285", "CVE-2011-1142", "CVE-2011-1592", "CVE-2011-2174", "CVE-2011-3482", "CVE-2010-2284", "CVE-2010-2287", "CVE-2011-2175", "CVE-2011-1590", "CVE-2011-3360", "CVE-2011-1959", "CVE-2011-2597", "CVE-2011-2698", "CVE-2011-0444", "CVE-2010-2992", "CVE-2010-4300", "CVE-2010-3133", "CVE-2011-3483", "CVE-2010-2283", "CVE-2010-2995", "CVE-2010-2286", "CVE-2011-0713", "CVE-2011-1957", "CVE-2010-4301", "CVE-2011-1141", "CVE-2010-3445", "CVE-2011-1143", "CVE-2010-4538", "CVE-2011-3266", "CVE-2010-2993", "CVE-2011-1139", "CVE-2011-1956", "CVE-2011-1140", "CVE-2010-2994", "CVE-2011-0538", "CVE-2011-1958", "CVE-2011-1138", "CVE-2011-1591", "CVE-2011-0445"], "lastseen": "2016-09-06T19:46:24"}]}}
