Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2011-1140 — Wireshark vulnerability
Severity
4.3MEDIUMNVD
EPSS
30.8%
top 3.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMar 3
Latest updateMay 17
Description
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
CVSS vector
AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9
Affected Packages3 packages
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-rjw2-p6xh-g64w: Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1↗2022-05-17
OSV▶
CVE-2011-1140: Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1↗2011-03-03