Main Vulnerability Database SB2012021407

SB2012021407 - Input validation error in wireshark (Alpine package)

Published: February 14, 2012

Security Bulletin ID SB2012021407

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2012-0041)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=74a62ffbe4654f52e01f030c73e3b221e95258f2
https://git.alpinelinux.org/aports/commit/?id=f541fbe48c02ea8b32dbc1674a27004ecbcd2d45