Multiple vulnerabilities in Wireshark
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2012-5237 CVE-2012-5238 CVE-2012-5240 CVE-2012-3548 |
| CWE-ID | CWE-399 CWE-20 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Wireshark.org |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU43434
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-5237
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.8.0 - 1.8.2
CPE2.3 External linkshttp://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-hsrp.c?r1=44454&r2=44453&pathrev=44454
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44454
http://osvdb.org/85884
http://www.securityfocus.com/bid/55754
http://www.securitytracker.com/id?1027604
http://www.wireshark.org/security/wnpa-sec-2012-26.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7581
http://exchange.xforce.ibmcloud.com/vulnerabilities/79009
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14992
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU43435
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-5238
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.8.0 - 1.8.2
CPE2.3 External linkshttp://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688
http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688
http://osvdb.org/85883
http://www.securityfocus.com/bid/55754
http://www.securitytracker.com/id?1027604
http://www.wireshark.org/security/wnpa-sec-2012-27.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7316
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668
http://exchange.xforce.ibmcloud.com/vulnerabilities/79010
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15593
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU43436
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-5240
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.8.0 - 1.8.2
CPE2.3 External linkshttp://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ldp.c?r1=44801&r2=44800&pathrev=44801
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44801
http://www.securityfocus.com/bid/55754
http://www.securitytracker.com/id?1027604
http://www.wireshark.org/security/wnpa-sec-2012-29.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7046
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7567
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15691
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU43649
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-3548
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.6.0 - 1.8.2
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.6.10:*:*:*:*:*:*:*
http://openwall.com/lists/oss-security/2012/08/29/4
http://secunia.com/advisories/54425
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
http://www.securitytracker.com/id?1027464
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666
http://bugzilla.redhat.com/show_bug.cgi?id=849926
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15646
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
