ID CVE-2012-3548
Summary The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.
References
Vulnerable Configurations
  • Wireshark 1.8.0
    cpe:2.3:a:wireshark:wireshark:1.8.0
  • Wireshark 1.8.1
    cpe:2.3:a:wireshark:wireshark:1.8.1
  • Wireshark 1.8.2
    cpe:2.3:a:wireshark:wireshark:1.8.2
  • Wireshark 1.6.0
    cpe:2.3:a:wireshark:wireshark:1.6.0
  • Wireshark 1.6.1
    cpe:2.3:a:wireshark:wireshark:1.6.1
  • Wireshark 1.6.10
    cpe:2.3:a:wireshark:wireshark:1.6.10
  • Wireshark 1.6.2
    cpe:2.3:a:wireshark:wireshark:1.6.2
  • Wireshark 1.6.3
    cpe:2.3:a:wireshark:wireshark:1.6.3
  • Wireshark 1.6.4
    cpe:2.3:a:wireshark:wireshark:1.6.4
  • Wireshark 1.6.5
    cpe:2.3:a:wireshark:wireshark:1.6.5
  • Wireshark 1.6.6
    cpe:2.3:a:wireshark:wireshark:1.6.6
  • Wireshark 1.6.7
    cpe:2.3:a:wireshark:wireshark:1.6.7
  • Wireshark 1.6.8
    cpe:2.3:a:wireshark:wireshark:1.6.8
  • Wireshark 1.6.9
    cpe:2.3:a:wireshark:wireshark:1.6.9
CVSS
Base: 4.3 (as of 02-12-2015 - 10:50)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A77064141BE711E29AAD902B343DEEC9.NASL
    description Wireshark reports : The HSRP dissector could go into an infinite loop. The PPP dissector could abort. Martin Wilck discovered an infinite loop in the DRDA dissector. Laurent Butti discovered a buffer overflow in the LDP dissector.
    last seen 2018-11-24
    modified 2018-11-23
    plugin id 62649
    published 2012-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62649
    title FreeBSD : Wireshark -- Multiple Vulnerabilities (a7706414-1be7-11e2-9aad-902b343deec9)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_WIRESHARK_20130129.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. (CVE-2012-3548) - The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. (CVE-2012-5237) - epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. (CVE-2012-5238) - Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. (CVE-2012-5240)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80805
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80805
    title Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark4)
  • NASL family Windows
    NASL id WIRESHARK_1_6_11.NASL
    description The installed version of Wireshark 1.6 is earlier than 1.6.11. It thus is affected by a denial of service vulnerability. A malformed packet can cause the 'DRDA' dissector to enter an infinite loop thereby consuming excessive CPU resources.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 62477
    published 2012-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62477
    title Wireshark 1.6.x < 1.6.11 DRDA DoS
  • NASL family Windows
    NASL id WIRESHARK_1_8_3.NASL
    description The installed version of Wireshark 1.8 is earlier than 1.8.3. It thus is affected by the following vulnerabilities : - A malformed packet can cause the 'DRDA' and 'HSRP' dissectors to enter an infinite loop, thereby consuming excessive CPU resources. (CVE-2012-3548, CVE-2012-5237) - A malformed packet can cause the 'PPP' dissector to crash the application. (CVE-2012-5238) - A malformed packet can trigger a buffer overflow in the 'LDP' dissector, which results in an application crash. (CVE-2012-5240)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 62478
    published 2012-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62478
    title Wireshark 1.8.x < 1.8.3 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_5415F1B3F33D11E18BD80022156E8794.NASL
    description RedHat security team reports : A denial of service flaw was found in the way Distributed Relational Database Architecture (DRDA) dissector of Wireshark, a network traffic analyzer, performed processing of certain DRDA packet capture files. A remote attacker could create a specially crafted capture file that, when opened could lead to wireshark executable to consume excessive amount of CPU time and hang with an infinite loop.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 61763
    published 2012-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61763
    title FreeBSD : wireshark -- denial of service in DRDA dissector (5415f1b3-f33d-11e1-8bd8-0022156e8794)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201308-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201308-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 69500
    published 2013-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69500
    title GLSA-201308-05 : Wireshark: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-055.NASL
    description Multiple vulnerabilities has been found and corrected in wireshark : Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti (http://www.wireshark.org/security/wnpa-sec-2012-08.html [CVE-2012-2392]) The DIAMETER dissector could try to allocate memory improperly and crash (http://www.wireshark.org/security/wnpa-sec-2012-09.html [CVE-2012-2393]) Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann (http://www.wireshark.org/security/wnpa-sec-2012-10.html [CVE-2012-2394]) The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump (CVE-2012-4048). epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet (CVE-2012-4049). The DCP ETSI dissector could trigger a zero division (CVE-2012-4285). The XTP dissector could go into an infinite loop (CVE-2012-4288). The AFP dissector could go into a large loop (CVE-2012-4289). The RTPS2 dissector could overflow a buffer (CVE-2012-4296). The GSM RLC MAC dissector could overflow a buffer (CVE-2012-4297). The CIP dissector could exhaust system memory (CVE-2012-4291). The STUN dissector could crash (CVE-2012-4292). The EtherCAT Mailbox dissector could abort (CVE-2012-4293). The CTDB dissector could go into a large loop (CVE-2012-4290). Martin Wilck discovered an infinite loop in the DRDA dissector (CVE-2012-5239). The USB dissector could go into an infinite loop. (wnpa-sec-2012-31) The ISAKMP dissector could crash. (wnpa-sec-2012-35) The iSCSI dissector could go into an infinite loop. (wnpa-sec-2012-36) The WTP dissector could go into an infinite loop. (wnpa-sec-2012-37) The RTCP dissector could go into an infinite loop. (wnpa-sec-2012-38) The ICMPv6 dissector could go into an infinite loop. (wnpa-sec-2012-40) Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors (wnpa-sec-2013-01). The CLNP dissector could crash (wnpa-sec-2013-02). The DTN dissector could crash (wnpa-sec-2013-03). The MS-MMC dissector (and possibly others) could crash (wnpa-sec-2013-04). The DTLS dissector could crash (wnpa-sec-2013-05). The DCP-ETSI dissector could corrupt memory (wnpa-sec-2013-07). The Wireshark dissection engine could crash (wnpa-sec-2013-08). The NTLMSSP dissector could overflow a buffer (wnpa-sec-2013-09). The sFlow dissector could go into an infinite loop (CVE-2012-6054). The SCTP dissector could go into an infinite loop (CVE-2012-6056). The MS-MMS dissector could crash (CVE-2013-2478). The RTPS and RTPS2 dissectors could crash (CVE-2013-2480). The Mount dissector could crash (CVE-2013-2481). The AMPQ dissector could go into an infinite loop (CVE-2013-2482). The ACN dissector could attempt to divide by zero (CVE-2013-2483). The CIMD dissector could crash (CVE-2013-2484). The FCSP dissector could go into an infinite loop (CVE-2013-2485). The DTLS dissector could crash (CVE-2013-2488). This advisory provides the latest version of Wireshark (1.6.14) which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66069
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66069
    title Mandriva Linux Security Advisory : wireshark (MDVSA-2013:055)
oval via4
accepted 2013-08-19T04:01:14.497-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.
family windows
id oval:org.mitre.oval:def:15646
status accepted
submitted 2012-08-31T09:46:44.229-04:00
title The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file
version 7
refmap via4
confirm
gentoo GLSA-201308-05
mlist [oss-security] 20120829 Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector
sectrack 1027464
secunia 54425
Last major update 02-12-2015 - 12:11
Published 30-08-2012 - 18:55
Last modified 18-09-2017 - 21:35
Back to Top