CVE-2012-0066

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.

References

http://anonsvn.wireshark.org/viewvc?view=revision&revision=40165

http://anonsvn.wireshark.org/viewvc?view=revision&revision=40166

http://rhn.redhat.com/errata/RHSA-2013-0125.html

http://secunia.com/advisories/47494

http://secunia.com/advisories/48947

http://secunia.com/advisories/54425

http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml

http://www.openwall.com/lists/oss-security/2012/01/11/7

http://www.openwall.com/lists/oss-security/2012/01/20/4

http://www.wireshark.org/security/wnpa-sec-2012-01.html

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15111

Details

Source: MITRE

Published: 2012-04-11

Updated: 2017-09-19

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
80801Oracle Solaris Third-Party Patch Update : wireshark (multiple_denial_of_service_vulnerabilities2)NessusSolaris Local Security Checks
medium
76047openSUSE Security Update : wireshark (openSUSE-SU-2012:0295-1)NessusSuSE Local Security Checks
medium
74551openSUSE Security Update : wireshark (openSUSE-2012-123)NessusSuSE Local Security Checks
medium
69500GLSA-201308-05 : Wireshark: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
68696Oracle Linux 5 : wireshark (ELSA-2013-0125)NessusOracle Linux Local Security Checks
medium
68516Oracle Linux 6 : wireshark (ELSA-2012-0509)NessusOracle Linux Local Security Checks
medium
63606Scientific Linux Security Update : wireshark on SL5.x i386/x86_64 (20130108)NessusScientific Linux Local Security Checks
medium
63570CentOS 5 : wireshark (CESA-2013:0125)NessusCentOS Local Security Checks
medium
63408RHEL 5 : wireshark (RHSA-2013:0125)NessusRed Hat Local Security Checks
medium
61303Scientific Linux Security Update : wireshark on SL6.x i386/x86_64 (20120423)NessusScientific Linux Local Security Checks
medium
58849CentOS 6 : wireshark (CESA-2012:0509)NessusCentOS Local Security Checks
medium
58841RHEL 6 : wireshark (RHSA-2012:0509)NessusRed Hat Local Security Checks
medium
58117SuSE 10 Security Update : wireshark (ZYPP Patch Number 7943)NessusSuSE Local Security Checks
medium
58115SuSE 11.1 Security Update : wireshark (SAT Patch Number 5741)NessusSuSE Local Security Checks
medium
57735Debian DSA-2395-1 : wireshark - buffer underflowNessusDebian Local Security Checks
medium
57646FreeBSD : Wireshark -- Multiple vulnerabilities (3ebb2dc8-4609-11e1-9f47-00e0815b8da8)NessusFreeBSD Local Security Checks
medium
57539Wireshark 1.6.x < 1.6.5 Multiple VulnerabilitiesNessusWindows
high
57538Wireshark 1.4.x < 1.4.11 Multiple VulnerabilitiesNessusWindows
high