Detections
Analytics
Wireshark 1.4.x < 1.4.15 Multiple Vulnerabilities
high Nessus Plugin ID 61571
Language:
Synopsis
An application installed on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Wireshark installed on the remote Windows host is prior to 1.4.15. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-1.4.15 advisory.- Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. (CVE-2012-4296)
- The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. (CVE-2012-4285)
- Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. (CVE-2012-4288)
- epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. (CVE-2012-4289)
- The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. (CVE-2012-4291)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Wireshark version 1.4.15 or later.See Also
https://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7566
https://www.wireshark.org/security/wnpa-sec-2012-13
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7571
https://www.wireshark.org/security/wnpa-sec-2012-15
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7603
https://www.wireshark.org/security/wnpa-sec-2012-17
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7568
https://www.wireshark.org/security/wnpa-sec-2012-18
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570
https://www.wireshark.org/security/wnpa-sec-2012-20
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569
https://www.wireshark.org/security/wnpa-sec-2012-21
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7562
https://www.wireshark.org/security/wnpa-sec-2012-22
Plugin Details
Severity: High
ID: 61571
File Name: wireshark_1_4_15.nasl
Version: 1.12
Type: Local
Agent: windows
Family: Windows
Published: 8/17/2012
Updated: 4/30/2026
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Low
Base Score: 3.3
Temporal Score: 2.6
Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2012-4296
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:wireshark:wireshark
Required KB Items: SMB/Registry/Enumerated, installed_sw/Wireshark
Exploit Ease: No known exploits are available
Patch Publication Date: 8/15/2012
Vulnerability Publication Date: 8/15/2012
Reference Information
CVE: CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4296
BID: 55035