CVE-2011-2698 | Vulnerability Database | Aqua Security

Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	1.6.0	1.6.0
Wireshark	Wireshark	1.4.7	1.4.7
Wireshark	Wireshark	1.4.2	1.4.2
Wireshark	Wireshark	1.4.0	1.4.0
Wireshark	Wireshark	1.4.5	1.4.5
Wireshark	Wireshark	1.4.4	1.4.4
Wireshark	Wireshark	1.4.6	1.4.6
Wireshark	Wireshark	1.4.3	1.4.3
Wireshark	Wireshark	1.4.1	1.4.1
Red Hat Enterprise Linux 5	RedHat	wireshark-0:1.0.15-5.el5	*
Red Hat Enterprise Linux 6	RedHat	wireshark-0:1.2.15-2.el6_2.1	*
Wireshark	Ubuntu	hardy	*
Wireshark	Ubuntu	lucid	*
Wireshark	Ubuntu	maverick	*
Wireshark	Ubuntu	natty	*
Wireshark	Ubuntu	upstream	*

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044
http://www.securityfocus.com/bid/49071
http://www.wireshark.org/security/wnpa-sec-2011-10.html
http://secunia.com/advisories/45574
http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=37930
http://www.openwall.com/lists/oss-security/2011/07/19/5
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html
http://www.wireshark.org/security/wnpa-sec-2011-11.html
http://secunia.com/advisories/45086
https://bugzilla.redhat.com/show_bug.cgi?id=723215
http://www.openwall.com/lists/oss-security/2011/07/20/2
http://secunia.com/advisories/48947
http://rhn.redhat.com/errata/RHSA-2013-0125.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/69074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14610

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2698
CWE	https://cwe.mitre.org/data/definitions/189.html