Code Injection in Wireshark
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2012-4048 |
| CWE-ID | CWE-94 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Wireshark.org |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Code Injection
EUVDB-ID: #VU32775
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-4048
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.4.0 - 1.4.13
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.4.9:*:*:*:*:*:*:*
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680056
https://lists.opensuse.org/opensuse-updates/2012-08/msg00000.html
https://secunia.com/advisories/49971
https://secunia.com/advisories/54425
https://www.debian.org/security/2012/dsa-2590
https://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
https://www.wireshark.org/security/wnpa-sec-2012-11.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15547
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
