Multiple vulnerabilities in Wireshark
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2012-3825 CVE-2012-3826 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Wireshark.org |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU43921
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-3825
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.4.0 - 1.6.7
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.6.7:*:*:*:*:*:*:*
http://secunia.com/advisories/49226
http://www.securitytracker.com/id?1027094
http://www.wireshark.org/security/wnpa-sec-2012-08.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7121
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7122
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15478
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU43922
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-3826
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.4.0 - 1.6.7
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.6.7:*:*:*:*:*:*:*
http://secunia.com/advisories/49226
http://www.securitytracker.com/id?1027094
http://www.wireshark.org/security/wnpa-sec-2012-08.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15536
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
