CVE-2011-1142

Published: Mar 3, 2011Modified: Apr 29, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values.

Affected (21)

Products: Wireshark: Wireshark

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.2.0
Wireshark Wireshark	Version 1.2.10
Wireshark Wireshark	Version 1.2.11
Wireshark Wireshark	Version 1.2.12
Wireshark Wireshark	Version 1.2.13
Wireshark Wireshark	Version 1.2.14
Wireshark Wireshark	Version 1.2.15
Wireshark Wireshark	Version 1.2.1
Wireshark Wireshark	Version 1.2.2
Wireshark Wireshark	Version 1.2.3
Wireshark Wireshark	Version 1.2.4
Wireshark Wireshark	Version 1.2.5
Wireshark Wireshark	Version 1.2.6
Wireshark Wireshark	Version 1.2.7
Wireshark Wireshark	Version 1.2.8
Wireshark Wireshark	Version 1.2.9
Wireshark Wireshark	Version 1.4.0
Wireshark Wireshark	Version 1.4.1
Wireshark Wireshark	Version 1.4.2
Wireshark Wireshark	Version 1.4.3
Wireshark Wireshark	Version 1.4.4

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (14)

http://www.mandriva.com/security/advisories?name=MDVSA-2011:044

Source: cve@mitre.org

Broken Link

http://www.securitytracker.com/id?1025148

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2011/0622

Source: cve@mitre.org

Broken Link

http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html

Source: cve@mitre.org

Release Notes

http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html

Source: cve@mitre.org

Release Notes

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14724

Source: cve@mitre.org

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2011:044

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securitytracker.com/id?1025148

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2011/0622

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14724

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.