wnpa-sec-2011-14 · Wireshark buffer exception handling vulnerability

Summary

Name: Wireshark buffer exception handling vulnerability

Docid: wnpa-sec-2011-14

Date: September 7, 2011

Affected versions: 1.6.0 to 1.6.1

Fixed versions: 1.6.2

References: Bug 6135
CVE-2011-3483

Details

Description

A malformed capture file could result in an invalid root tvbuff and cause a crash.

Impact

It may be possible to make Wireshark crash by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 1.6.2 or later.