Multiple vulnerabilities in Wireshark
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2012-6056 CVE-2012-6057 CVE-2012-6058 CVE-2012-6059 CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 |
| CWE-ID | CWE-20 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Wireshark.org |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU43260
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6056
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.8.0 - 1.8.3
CPE2.3 External linkshttps://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sctp.c?r1=45355&r2=45354&pathrev=45355
https://anonsvn.wireshark.org/viewvc?view=revision&revision=45355
https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://rhn.redhat.com/errata/RHSA-2014-0341.html
https://www.wireshark.org/security/wnpa-sec-2012-33.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7802
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16139
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU43261
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6057
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.8.0 - 1.8.3
CPE2.3 External linkshttps://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408
https://anonsvn.wireshark.org/viewvc?view=revision&revision=45408
https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://www.wireshark.org/security/wnpa-sec-2012-34.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15883
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU43262
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6058
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.6.0 - 1.8.3
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.8.3:*:*:*:*:*:*:*
https://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-icmpv6.c?r1=45459&r2=45458&pathrev=45459
https://anonsvn.wireshark.org/viewvc?view=revision&revision=45459
https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://www.wireshark.org/security/wnpa-sec-2012-40.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7844
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16075
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU43263
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6059
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.6.0 - 1.8.3
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.8.3:*:*:*:*:*:*:*
https://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-isakmp.c?r1=45510&r2=45509&pathrev=45510
https://anonsvn.wireshark.org/viewvc?view=revision&revision=45510
https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://www.wireshark.org/security/wnpa-sec-2012-35.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15239
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU43264
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6060
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.6.0 - 1.8.3
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.8.3:*:*:*:*:*:*:*
https://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-iscsi.c?r1=45524&r2=45523&pathrev=45524
https://anonsvn.wireshark.org/viewvc?view=revision&revision=45524
https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://rhn.redhat.com/errata/RHSA-2014-0341.html
https://www.wireshark.org/security/wnpa-sec-2012-36.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16038
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU43265
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6061
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.6.0 - 1.8.3
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.8.3:*:*:*:*:*:*:*
https://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-wtp.c?r1=45614&r2=45613&pathrev=45614
https://anonsvn.wireshark.org/viewvc?view=revision&revision=45614
https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://rhn.redhat.com/errata/RHSA-2014-0341.html
https://www.wireshark.org/security/wnpa-sec-2012-37.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7869
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15253
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU43266
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6062
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.6.0 - 1.8.3
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.8.3:*:*:*:*:*:*:*
https://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-rtcp.c?r1=45717&r2=45716&pathrev=45717
https://anonsvn.wireshark.org/viewvc?view=revision&revision=45717
https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://rhn.redhat.com/errata/RHSA-2014-0341.html
https://www.wireshark.org/security/wnpa-sec-2012-38.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7879
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15894
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information disclosure
EUVDB-ID: #VU43267
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6052
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.8.0 - 1.8.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://www.wireshark.org/security/wnpa-sec-2012-30.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16040
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU43268
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6053
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.6.0 - 1.8.3
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.8.3:*:*:*:*:*:*:*
https://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-usb.c?r1=45310&r2=45309&pathrev=45310
https://anonsvn.wireshark.org/viewvc?view=revision&revision=45310
https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://www.wireshark.org/security/wnpa-sec-2012-31.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7787
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU43269
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6054
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.8.0 - 1.8.3
CPE2.3 External linkshttps://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sflow.c?r1=45324&r2=45323&pathrev=45324
https://anonsvn.wireshark.org/viewvc?view=revision&revision=45324
https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://www.wireshark.org/security/wnpa-sec-2012-32.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7789
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15764
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU43270
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-6055
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.8.0 - 1.8.3
CPE2.3 External linkshttps://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-3g-a11.c?r1=45337&r2=45336&pathrev=45337
https://anonsvn.wireshark.org/viewvc?view=revision&revision=45337
https://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
https://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
https://www.wireshark.org/security/wnpa-sec-2012-39.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7801
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
