#VU32794 Resource management error in Wireshark - CVE-2012-2392
Published: June 30, 2012 / Updated: July 29, 2020
Vulnerability identifier: #VU32794
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2012-2392
CWE-ID: CWE-399
Exploitation vector: Adjecent network
Exploit availability:
Public exploit is available
Vulnerable software:
Wireshark
Wireshark
Software vendor:
Wireshark.org
Wireshark.org
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.
Remediation
Install update from vendor's website.
External links
- http://secunia.com/advisories/49226
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:015
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:042
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:080
- http://www.securitytracker.com/id?1027094
- http://www.wireshark.org/security/wnpa-sec-2012-08.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15604