CVE-2011-1592 — Vulnetix

Try Vulnetix Request Demo

CVE-2011-1592 PUBLISHED CVSS 8.699999809265137 HIGH

The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.

EPSS 1.36% · 80.1th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

1.36%

80.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
wireshark	wireshark	1.4.0, 1.4.1, 1.4.2

Timeline

Apr 29, 2011 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

MDVSA-2011:083 vendor-advisory
wireshark-nfs-dos(66833) vdb
oval:org.mitre.oval:def:14987 vdb
71847 vdb
[oss-security] 20110418 Re: Wireshark 1.2.16 / 1.4.5 mailing-list
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209 url
http://www.wireshark.org/security/wnpa-sec-2011-06.html url
44172 third-party-advisory
ADV-2011-1022 vdb
http://anonsvn.wireshark.org/viewvc?revision=34115&view=revision url
[oss-security] 20110418 Wireshark 1.2.16 / 1.4.5 mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2011-1592 advisory

Open in Interactive Console →