Vulnerability Details: CVE-2011-0713
Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2011-0713
- cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.2.14:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0713
- 2.27%: Probability of exploitation activity in the next 30 days
- ~83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0713
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2011-0713
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0713
- http://www.securitytracker.com/id?1025148
  Wireshark pcap-ng, Nokia DCT3, LDAP, and SMB Processing Flaws Let Remote Users Deny Service and Potentially Execute Arbitrary Code - SecurityTracker
- http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html
  Wireshark · Wireshark 1.2.15 Release Notes
- http://www.vupen.com/english/advisories/2011/0719
- http://www.kb.cert.org/vuls/id/215900
  VU#215900 - Wireshark 6LoWPAN denial of service vulnerability (US Government Resource)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:044
  mandriva.com
- http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html
  Wireshark · Wireshark 1.4.4 Release Notes
- http://www.vupen.com/english/advisories/2011/0622
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65780
  Wireshark Nokia DCT3 buffer overflow CVE-2011-0713 Vulnerability Report
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html
  [SECURITY] Fedora 13 Update: wireshark-1.2.15-1.fc13
- http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
  code.wireshark Code Review - wireshark.git/tree (Patch)
- http://www.wireshark.org/security/wnpa-sec-2011-04.html
  Wireshark · wnpa-sec-2011-04 · MAC-LTE, ENTTEC, and ASN.1 BER vulnerabilities in Wireshark (Vendor Advisory)
- http://secunia.com/advisories/43759
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html
  [SECURITY] Fedora 15 Update: wireshark-1.4.4-1.fc15
- http://www.vupen.com/english/advisories/2011/0747
- http://www.securityfocus.com/bid/46416
  Wireshark Visual C++ Analyzer Buffer Overflow Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65460
  Wireshark Visual C++ analyzer buffer overflow undefined Vulnerability Report
- http://openwall.com/lists/oss-security/2011/02/16/13
  oss-security - wireshark dct3trace buffer overflow
- http://www.wireshark.org/security/wnpa-sec-2011-03.html
  Wireshark · wnpa-sec-2011-03 · Multiple vulnerabilities in Wireshark (Vendor Advisory)
- http://secunia.com/advisories/43795
- https://bugzilla.redhat.com/show_bug.cgi?id=678198
  678198 – (CVE-2011-0713) CVE-2011-0713 Wireshark: heap-based buffer overflow when reading malformed Nokia DCT3 phone signalling traces
- http://www.vupen.com/english/advisories/2011/0626
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html
  [SECURITY] Fedora 14 Update: wireshark-1.4.4-1.fc14
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14766
  Repository / Oval Repository
- http://www.redhat.com/support/errata/RHSA-2011-0369.html
  Support
- http://www.debian.org/security/2011/dsa-2201
  Debian -- Security Information -- DSA-2201-1 wireshark