CVE-2011-4100 | Vulnerability Database | Aqua Security

The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	1.6.0 (including)	1.6.0 (including)
Wireshark	Wireshark	1.6.1 (including)	1.6.1 (including)
Wireshark	Wireshark	1.6.2 (including)	1.6.2 (including)
Wireshark	Ubuntu	hardy	*
Wireshark	Ubuntu	lucid	*
Wireshark	Ubuntu	maverick	*
Wireshark	Ubuntu	natty	*
Wireshark	Ubuntu	oneiric	*
Wireshark	Ubuntu	upstream	*

References

http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=39140
http://openwall.com/lists/oss-security/2011/11/01/9
http://osvdb.org/76768
http://secunia.com/advisories/46644
http://www.securityfocus.com/bid/50479
http://www.wireshark.org/security/wnpa-sec-2011-17.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
https://bugzilla.redhat.com/show_bug.cgi?id=750643
https://exchange.xforce.ibmcloud.com/vulnerabilities/71090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14833
http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=39140
http://openwall.com/lists/oss-security/2011/11/01/9
http://osvdb.org/76768
http://secunia.com/advisories/46644
http://www.securityfocus.com/bid/50479
http://www.wireshark.org/security/wnpa-sec-2011-17.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
https://bugzilla.redhat.com/show_bug.cgi?id=750643
https://exchange.xforce.ibmcloud.com/vulnerabilities/71090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14833

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4100
CWE	https://cwe.mitre.org/data/definitions/399.html