CVE-2011-3266

The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
wiresharkwireshark
1.6.0
wiresharkwireshark
1.6.1
wiresharkwireshark
1.4.0
wiresharkwireshark
1.4.1
wiresharkwireshark
1.4.2
wiresharkwireshark
1.4.3
wiresharkwireshark
1.4.4
wiresharkwireshark
1.4.5
wiresharkwireshark
1.4.6
wiresharkwireshark
1.4.7
wiresharkwireshark
1.4.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bullseye
3.4.10-0+deb11u1
fixed
bullseye (security)
3.4.16-0+deb11u1
fixed
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
trixie
4.4.0-1
fixed
sid
4.4.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wireshark
saucy
Fixed 1.6.2-1
released
raring
Fixed 1.6.2-1
released
quantal
Fixed 1.6.2-1
released
precise
Fixed 1.6.2-1
released
oneiric
Fixed 1.6.2-1
released
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00022.html
http://securityreason.com/securityalert/8351
http://securitytracker.com/id?1025875
http://www.mandriva.com/security/advisories?name=MDVSA-2011:138
http://www.securityfocus.com/archive/1/519049/100/0/threaded
http://www.securityfocus.com/bid/49377
http://www.wireshark.org/security/wnpa-sec-2011-13.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/69411
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15042
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00022.html
http://securityreason.com/securityalert/8351
http://securitytracker.com/id?1025875
http://www.mandriva.com/security/advisories?name=MDVSA-2011:138
http://www.securityfocus.com/archive/1/519049/100/0/threaded
http://www.securityfocus.com/bid/49377
http://www.wireshark.org/security/wnpa-sec-2011-13.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/69411
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15042