wireshark

• Author: Miklos Vajna
• Vulnerable: 1.6.2-1mores1
• Unaffected: 1.6.3-1mores1

Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

1. An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash.
2. A NULL pointer dereference error within the Infiniband dissector can be exploited to cause a crash.
3. An error within the ERF file parser can be exploited to cause a heap-based buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code.

• Bug Tracker URL: https://bugs.frugalware.org/ticket/4633

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4100
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4101
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4102