Resource management error in Wireshark

Published: 2012-08-16 | Updated: 2020-07-28

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2012-4296
CWE-ID	CWE-399
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software Subscribe	Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers
Vendor	Wireshark.org

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource management error

EUVDB-ID: #VU32763

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2012-4296

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.4.0 - 1.4.14

CPE2.3

cpe:2.3:a:wireshark_org:wireshark:1.4.14:*:*:*:*:*:*:*

External links

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-rtps2.c?r1=44320&r2=44319&pathrev=44320
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44320
http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html
http://secunia.com/advisories/50276
http://secunia.com/advisories/51363
http://secunia.com/advisories/54425
http://www.debian.org/security/2012/dsa-2590
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
http://www.securityfocus.com/bid/55035
http://www.wireshark.org/security/wnpa-sec-2012-18.html
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7568
http://hermes.opensuse.org/messages/15514562
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15583

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.