#VU32775 Code Injection in Wireshark - CVE-2012-4048

Cybersecurity Help s.r.o.

Published: 2012-07-24 | Updated: 2020-07-28

Vulnerability identifier: #VU32775

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-4048

CWE-ID: CWE-94

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Wireshark
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Wireshark.org

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.4.0 - 1.4.13

External links
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680056
https://lists.opensuse.org/opensuse-updates/2012-08/msg00000.html
https://secunia.com/advisories/49971
https://secunia.com/advisories/54425
https://www.debian.org/security/2012/dsa-2590
https://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
https://www.wireshark.org/security/wnpa-sec-2012-11.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15547

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Code Injection in wireshark (Alpine package)

Code Injection in Wireshark