Resource management error in Wireshark

1) Resource management error

EUVDB-ID: #VU32794

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2012-2392

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.4.0 - 1.4.12

CPE2.3

• cpe:2.3:a:wireshark_org:wireshark:1.4.12:*:*:*:*:*:*:*

External links

http://secunia.com/advisories/49226
http://www.mandriva.com/security/advisories?name=MDVSA-2012:015
http://www.mandriva.com/security/advisories?name=MDVSA-2012:042
http://www.mandriva.com/security/advisories?name=MDVSA-2012:080
http://www.securitytracker.com/id?1027094
http://www.wireshark.org/security/wnpa-sec-2012-08.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15604

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.