Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-3360 — Wireshark vulnerability

8 documents8 sources

Severity

9.3CRITICALNVD

EPSS

65.8%

top 1.49%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wireshark Debian Wireshark

Timeline

PublishedSep 20

Latest updateMay 17

Description

Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.6.2-1 (bookworm)

▶Debianwireshark/wireshark< 1.6.2-1+3

▶NVDwireshark/wireshark11 versions+10

🔴Vulnerability Details

GHSA

GHSA-6c9g-wrqp-q548: Untrusted search path vulnerability in Wireshark 1↗2022-05-17

▶

OSV

CVE-2011-3360: Untrusted search path vulnerability in Wireshark 1↗2011-09-20

▶

💥Exploits & PoCs

Exploit-DB

Wireshark - console.lua pre-loading (Metasploit)↗2011-11-19

▶

Metasploit

Wireshark console.lua Pre-Loading Script Execution↗

▶

📋Vendor Advisories

Red Hat

Wireshark: Lua script execution vulnerability↗2011-07-28

▶

Debian

CVE-2011-3360: wireshark - Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x be...↗2011

▶

💬Community

Bugzilla

CVE-2011-3360 Wireshark: Lua script execution vulnerability↗2011-09-13

▶