Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1591Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow13 documents8 sources
Severity
9.3CRITICALNVD
EPSS
77.2%
top 1.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WiresharkDebian Wireshark
Timeline
PublishedApr 29
Latest updateMay 17

Description

Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

debiandebian/wireshark< wireshark 1.4.5-1 (bookworm)
Debianwireshark/wireshark< 1.4.5-1+3
NVDwireshark/wireshark5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-8qjg-52x8-f83x: Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect2022-05-17
OSV
CVE-2011-1591: Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect2011-04-29

💥Exploits & PoCs

6
Exploit-DB
Wireshark 1.4.4 - DECT Dissector Remote Buffer Overflow2011-11-22
Exploit-DB
Wireshark 1.4.4 - 'packet-dect.c' Local Stack Buffer Overflow (Metasploit) (1)2011-04-19
Exploit-DB
Wireshark 1.4.4 - 'packet-dect.c' Remote Stack Buffer Overflow (Metasploit) (2)2011-04-19
Exploit-DB
Wireshark 1.4.1 < 1.4.4 - Local Overflow (SEH)2011-04-18
Metasploit
Wireshark packet-dect.c Stack Buffer Overflow (local)

📋Vendor Advisories

2
Red Hat
Wireshark: Heap-based buffer overflow in DECT dissector2011-04-15
Debian
CVE-2011-1591: wireshark - Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect...2011

💬Community

2
Bugzilla
CVE-2011-1591 Wireshark: Heap-based buffer overflow in DECT dissector2011-04-19
Bugzilla
CVE-2011-1590 CVE-2011-1591 wireshark various flaws [fedora-all]2011-04-19