CVE-2011-0024 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

1.8%

top 17.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedMar 28

Latest updateMay 3

Description

Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.2-0-1 (bookworm)

▶Debianwireshark/wireshark< 1.2-0-1+3

▶NVDwireshark/wireshark1.0.16+23

🔴Vulnerability Details

GHSA

GHSA-v7qp-r7xw-hqm2: Heap-based buffer overflow in wiretap/pcapng↗2022-05-03

▶

OSV

CVE-2011-0024: Heap-based buffer overflow in wiretap/pcapng↗2011-03-28

▶

📋Vendor Advisories

Red Hat

wireshark: heap-based buffer overflow in wireshark < 1.2 when reading malformed capture files↗2011-03-21

▶

Debian

CVE-2011-0024: wireshark - Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows re...↗2011

▶

💬Community

Bugzilla

CVE-2011-0024 wireshark: heap-based buffer overflow in wireshark < 1.2 when reading malformed capture files↗2011-01-21

▶