CVE-2012-4294
Gentoo Linux Security Advisory 201308-05
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.
Un desbordamiento de búfer en la función channelised_fill_sdh_g707_format en epan/dissectors/packet-erf.c en el disector de ERF en Wireshark v1.8.x antes de v1.8.2 permite a atacantes remotos ejecutar código de su elección a través de un valor de velocidad (aka rate) demasiado grande.
Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.10.1 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-08-14 CVE Reserved
- 2012-08-16 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-02-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377 | X_refsource_confirm | |
| http://secunia.com/advisories/50276 | Third Party Advisory | |
| http://secunia.com/advisories/51363 | Third Party Advisory | |
| http://secunia.com/advisories/54425 | Third Party Advisory | |
| http://www.securityfocus.com/bid/55035 | Vdb Entry | |
| https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3 | X_refsource_confirm | |
| https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 | X_refsource_confirm | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15673 | Signature |
| URL | Date | SRC |
|---|---|---|
| http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml | 2017-09-19 | |
| http://www.wireshark.org/security/wnpa-sec-2012-16.html | 2017-09-19 | |
| https://hermes.opensuse.org/messages/15514562 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.8.0 Search vendor "Wireshark" for product "Wireshark" and version "1.8.0" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.8.1 Search vendor "Wireshark" for product "Wireshark" and version "1.8.1" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sunos Search vendor "Sun" for product "Sunos" | 5.11 Search vendor "Sun" for product "Sunos" and version "5.11" | - |
Affected
| ||||||