CVE-2011-4100

Description

The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

How to fix CVE-2011-4100

To remediate CVE-2011-4100, upgrade the affected package to a fixed version below.

• Debian/wireshark—upgrade to 1.6.3-1 or later

Is CVE-2011-4100 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.6.3-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-4100