Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-3266

The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree.

Related bugs and status

CVE-2011-3266 (Candidate) is related to these bugs:

Bug #845892: [Bugfix release] Multiple vulnerabilities fixed in Wireshark 1.6.2

Summary				In	Importance	Status
	845892	[Bugfix release] Multiple vulnerabilities fixed in Wireshark 1.6.2		wireshark (Ubuntu)	Undecided	Fix Released
	845892	[Bugfix release] Multiple vulnerabilities fixed in Wireshark 1.6.2		wireshark (Debian)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

SECTRACK: 1025875
SREASON: 8351
CONFIRM: http://www.wireshark.o...
BID: 49377
MANDRIVA: MDVSA-2011:138
SUSE: SUSE-SU-2011:1262
SUSE: openSUSE-SU-2011:1263
XF: wireshark-prototreeadd...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20110728 Wireshark 1.6...