CVE-2011-0444 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources

Severity

10.0CRITICALNVD

EPSS

4.7%

top 10.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJan 13

Latest updateApr 3

Description

Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.2.11-6 (bookworm)

▶Debianwireshark/wireshark< 1.2.11-6+3

▶NVDwireshark/wireshark18 versions+17

Patches

Patch: bugs.wireshark.org ↗Patch: bugs.wireshark.org ↗Patch: bugs.wireshark.org ↗

🔴Vulnerability Details

GHSA

GHSA-rfw5-q6jx-2g3h: Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte↗2022-05-17

▶

OSV

CVE-2011-0444: Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte↗2011-01-13

▶

📋Vendor Advisories

Red Hat

wireshark: buffer overflow in MAC-LTE disector (upstream bug #5530)↗2011-01-11

▶

Debian

CVE-2011-0444: wireshark - Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in W...↗2011

▶

📄Research Papers

arXiv

Dynamic Neural Control Flow Execution: An Agent-Based Deep Equilibrium Approach for Binary Vulnerability Detection↗2024-04-03

▶

arXiv

SAFE: Self-Attentive Function Embeddings for Binary Similarity↗2019-12-19

▶

💬Community

Bugzilla

CVE-2011-0444 wireshark: buffer overflow in MAC-LTE disector (upstream bug #5530) [fedora-all]↗2011-01-13

▶

Bugzilla

CVE-2011-0444 wireshark: buffer overflow in MAC-LTE disector (upstream bug #5530)↗2011-01-13

▶