Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0538 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

24.0%

top 3.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wireshark Debian Wireshark

Timeline

PublishedFeb 8

Latest updateMay 17

Description

Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.4.3-3 (bookworm)

▶Debianwireshark/wireshark< 1.4.3-3+3

▶NVDwireshark/wireshark20 versions+19

Patches

Patch: openwall.com ↗Patch: bugs.wireshark.org ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-mh8c-wx62-vg9v: Wireshark 1↗2022-05-17

▶

OSV

CVE-2011-0538: Wireshark 1↗2011-02-08

▶

💥Exploits & PoCs

Exploit-DB

Wireshark 1.4.3 - '.pcap' Memory Corruption↗2011-02-03

▶

📋Vendor Advisories

Red Hat

Wireshark: memory corruption when reading a malformed pcap file (upstream bug #5652)↗2011-02-03

▶

Debian

CVE-2011-0538: wireshark - Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitia...↗2011

▶

💬Community

Bugzilla

CVE-2011-0538 CVE-2010-3445 CVE-2011-1143 CVE-2011-1140 CVE-2011-1138 CVE-2011-1139 wireshark various flaws [fedora-all]↗2011-02-11

▶

Bugzilla

CVE-2011-0538 Wireshark: memory corruption when reading a malformed pcap file (upstream bug #5652)↗2011-02-09

▶