#VU32764 Resource management error in Wireshark - CVE-2012-4291

Cybersecurity Help s.r.o.

Published: 2012-08-16 | Updated: 2020-07-28

Vulnerability identifier: #VU32764

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-4291

CWE-ID: CWE-399

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Wireshark
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Wireshark.org

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.4.0 - 1.4.14

External links
https://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html
https://rhn.redhat.com/errata/RHSA-2013-0125.html
https://secunia.com/advisories/50276
https://secunia.com/advisories/51363
https://secunia.com/advisories/54425
https://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
https://www.securityfocus.com/bid/55035
https://www.wireshark.org/security/wnpa-sec-2012-20.html
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570
https://hermes.opensuse.org/messages/15514562
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15813

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Resource management error in wireshark (Alpine package)

Resource management error in Wireshark