CVE-2012-0042

low
Description

Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.

References

http://anonsvn.wireshark.org/viewvc?view=revision&revision=40194

http://rhn.redhat.com/errata/RHSA-2013-0125.html

http://secunia.com/advisories/47494

http://secunia.com/advisories/48947

http://secunia.com/advisories/54425

http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml

http://www.openwall.com/lists/oss-security/2012/01/11/7

http://www.securitytracker.com/id?1026507

http://www.wireshark.org/security/wnpa-sec-2012-02.html

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15368

Details

Source: MITRE

Published: 2012-04-11

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 2.9

Vector: AV:A/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 5.5

Severity: LOW

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 80801 | Oracle Solaris Third-Party Patch Update : wireshark (multiple_denial_of_service_vulnerabilities2) | Nessus | Solaris Local Security Checks | medium |
| 76047 | openSUSE Security Update : wireshark (openSUSE-SU-2012:0295-1) | Nessus | SuSE Local Security Checks | medium |
| 74551 | openSUSE Security Update : wireshark (openSUSE-2012-123) | Nessus | SuSE Local Security Checks | medium |
| 69500 | GLSA-201308-05 : Wireshark: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 68696 | Oracle Linux 5 : wireshark (ELSA-2013-0125) | Nessus | Oracle Linux Local Security Checks | medium |
| 68516 | Oracle Linux 6 : wireshark (ELSA-2012-0509) | Nessus | Oracle Linux Local Security Checks | medium |
| 63606 | Scientific Linux Security Update : wireshark on SL5.x i386/x86_64 (20130108) | Nessus | Scientific Linux Local Security Checks | medium |
| 63570 | CentOS 5 : wireshark (CESA-2013:0125) | Nessus | CentOS Local Security Checks | medium |
| 63408 | RHEL 5 : wireshark (RHSA-2013:0125) | Nessus | Red Hat Local Security Checks | medium |
| 61303 | Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20120423) | Nessus | Scientific Linux Local Security Checks | medium |
| 58849 | CentOS 6 : wireshark (CESA-2012:0509) | Nessus | CentOS Local Security Checks | medium |
| 58841 | RHEL 6 : wireshark (RHSA-2012:0509) | Nessus | Red Hat Local Security Checks | medium |
| 58117 | SuSE 10 Security Update : wireshark (ZYPP Patch Number 7943) | Nessus | SuSE Local Security Checks | medium |
| 58115 | SuSE 11.1 Security Update : wireshark (SAT Patch Number 5741) | Nessus | SuSE Local Security Checks | medium |
| 57735 | Debian DSA-2395-1 : wireshark - buffer underflow | Nessus | Debian Local Security Checks | medium |
| 57670 | Fedora 15 : wireshark-1.4.11-1.fc15 (2012-0440) | Nessus | Fedora Local Security Checks | medium |
| 57624 | Fedora 16 : wireshark-1.6.5-1.fc16 (2012-0435) | Nessus | Fedora Local Security Checks | medium |
| 57539 | Wireshark 1.6.x < 1.6.5 Multiple Vulnerabilities | Nessus | Windows | high |
| 57538 | Wireshark 1.4.x < 1.4.11 Multiple Vulnerabilities | Nessus | Windows | high |