PT-2011-2901 · Wireshark · Wireshark

Lego

Published

2011-03-02

Updated

2024-10-21

CVE-2011-1142

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wireshark versions 1.2.x through 1.2.15 Wireshark versions 1.4.x through 1.4.4

Description The issue is related to a stack consumption vulnerability in the dissect ber choice function within the BER dissector. This vulnerability might allow remote attackers to cause a denial of service, resulting in an infinite loop. The attack vectors involve self-referential ASN.1 CHOICE values.

Recommendations For Wireshark versions 1.2.x through 1.2.15, update to a version outside of this range to mitigate the risk. For Wireshark versions 1.4.x through 1.4.4, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting the use of the BER dissector until a patch is available.

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2011-1142

Affected Products

Wireshark

PT-2011-2901 · Wireshark · Wireshark

CVE-2011-1142

Weakness Enumeration

Related Identifiers

Affected Products

References · 12