CVE-2011-2698 | Vulnerability Database | Aqua Security

Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	1.4.0 (including)	1.4.0 (including)
Wireshark	Wireshark	1.4.1 (including)	1.4.1 (including)
Wireshark	Wireshark	1.4.2 (including)	1.4.2 (including)
Wireshark	Wireshark	1.4.3 (including)	1.4.3 (including)
Wireshark	Wireshark	1.4.4 (including)	1.4.4 (including)
Wireshark	Wireshark	1.4.5 (including)	1.4.5 (including)
Wireshark	Wireshark	1.4.6 (including)	1.4.6 (including)
Wireshark	Wireshark	1.4.7 (including)	1.4.7 (including)
Wireshark	Wireshark	1.6.0 (including)	1.6.0 (including)

References

http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=37930
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html
http://rhn.redhat.com/errata/RHSA-2013-0125.html
http://secunia.com/advisories/45086
http://secunia.com/advisories/45574
http://secunia.com/advisories/48947
http://www.openwall.com/lists/oss-security/2011/07/19/5
http://www.openwall.com/lists/oss-security/2011/07/20/2
http://www.securityfocus.com/bid/49071
http://www.wireshark.org/security/wnpa-sec-2011-10.html
http://www.wireshark.org/security/wnpa-sec-2011-11.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044
https://bugzilla.redhat.com/show_bug.cgi?id=723215
https://exchange.xforce.ibmcloud.com/vulnerabilities/69074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14610

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2698
CWE	https://cwe.mitre.org/data/definitions/189.html