Home

CVE-2011-1592

Description

The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.

Risk Information

Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.362

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Wireshark (X64) 1.4.4Windows
Multiple vulnerabilities affected in Wireshark 1.4.4Windows
Multiple Vulnerabilities are affected in Wireshark (X64) 1.4.0Windows
Multiple Vulnerabilities are affected in Wireshark (X64) 1.4.1Windows
Multiple Vulnerabilities are affected in Wireshark (X64) 1.4.2Windows
Multiple Vulnerabilities are affected in Wireshark (X64) 1.4.3Windows
Multiple Vulnerabilities are affected in Wireshark 1.4.0Windows
Multiple Vulnerabilities are affected in Wireshark 1.4.1Windows
Multiple Vulnerabilities are affected in Wireshark 1.4.2Windows
Multiple Vulnerabilities are affected in Wireshark 1.4.3Windows
Multiple Vulnerabilities are affected in Wireshark (X64) 1.4.4Windows
Multiple Vulnerabilities are affected in Wireshark 1.4.4Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343288Wireshark (X64) (4.4.2)
PATCH-338541Wireshark (3.6.24)
PATCH-352320Wireshark (X64) (4.6.0)
PATCH-352320Wireshark (X64) (4.6.0)
PATCH-352320Wireshark (X64) (4.6.0)
PATCH-352320Wireshark (X64) (4.6.0)
PATCH-338541Wireshark (3.6.24)
PATCH-338541Wireshark (3.6.24)
PATCH-338541Wireshark (3.6.24)
PATCH-338541Wireshark (3.6.24)
PATCH-352320Wireshark (X64) (4.6.0)
PATCH-338541Wireshark (3.6.24)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234