ID CVE-2012-3826
Summary Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.
References
Vulnerable Configurations
  • Wireshark 1.4.9
    cpe:2.3:a:wireshark:wireshark:1.4.9
  • Wireshark 1.4.3
    cpe:2.3:a:wireshark:wireshark:1.4.3
  • Wireshark 1.4.11
    cpe:2.3:a:wireshark:wireshark:1.4.11
  • Wireshark 1.4.6
    cpe:2.3:a:wireshark:wireshark:1.4.6
  • Wireshark 1.4.5
    cpe:2.3:a:wireshark:wireshark:1.4.5
  • Wireshark 1.4.7
    cpe:2.3:a:wireshark:wireshark:1.4.7
  • Wireshark 1.4.8
    cpe:2.3:a:wireshark:wireshark:1.4.8
  • Wireshark 1.4.10
    cpe:2.3:a:wireshark:wireshark:1.4.10
  • Wireshark 1.4.2
    cpe:2.3:a:wireshark:wireshark:1.4.2
  • Wireshark 1.4.1
    cpe:2.3:a:wireshark:wireshark:1.4.1
  • Wireshark 1.4.0
    cpe:2.3:a:wireshark:wireshark:1.4.0
  • Wireshark 1.4.4
    cpe:2.3:a:wireshark:wireshark:1.4.4
  • Wireshark 1.4.12
    cpe:2.3:a:wireshark:wireshark:1.4.12
  • Wireshark 1.4.13
    cpe:2.3:a:wireshark:wireshark:1.4.13
  • Wireshark 1.6.0
    cpe:2.3:a:wireshark:wireshark:1.6.0
  • Wireshark 1.6.1
    cpe:2.3:a:wireshark:wireshark:1.6.1
  • Wireshark 1.6.2
    cpe:2.3:a:wireshark:wireshark:1.6.2
  • Wireshark 1.6.3
    cpe:2.3:a:wireshark:wireshark:1.6.3
  • Wireshark 1.6.4
    cpe:2.3:a:wireshark:wireshark:1.6.4
  • Wireshark 1.6.5
    cpe:2.3:a:wireshark:wireshark:1.6.5
  • Wireshark 1.6.6
    cpe:2.3:a:wireshark:wireshark:1.6.6
  • Wireshark 1.6.7
    cpe:2.3:a:wireshark:wireshark:1.6.7
CVSS
Base: 3.3 (as of 02-07-2012 - 13:24)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector ADJACENT_NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
exploit-db via4
description Wireshark Multiple Dissector Denial of Service Vulnerabilities. CVE-2012-2392, CVE-2012-3825, CVE-2012-3826. DoS exploits for multiple platforms
id EDB-ID:18919
last seen 2016-02-02
modified 2012-05-24
published 2012-05-24
reporter Laurent Butti
source https://www.exploit-db.com/download/18919/
title Wireshark Multiple Dissector Denial of Service Vulnerabilities
nessus via4
NASL family Fedora Local Security Checks
NASL id FEDORA_2012-10175.NASL
description Update to latest upstream release, fixing a few security bugs. CVE-2012-2392: Infinite and large loops in ANSI MAP, ASF, IEEE 802.11, IEEE 802.3, and LTP dissectors. CVE-2012-2393: Memory allocation flaw in the DIAMETER dissector. CVE-2012-2394: Denial of service (crash) due to memory alignment problem on SPARC and Itanium processors. CVE-2012-3825: Integer overflows in BACapp and Bluetooth HCI dissectors, leading to DoS. CVE-2012-3826: Integer overflows in the R3 dissector, leading to DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2019-02-21
modified 2018-11-28
plugin id 59940
published 2012-07-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=59940
title Fedora 16 : wireshark-1.6.8-1.fc16 (2012-10175)
oval via4
accepted 2013-08-19T04:01:09.898-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.
family windows
id oval:org.mitre.oval:def:15536
status accepted
submitted 2012-07-02T11:48:43.323-04:00
title Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 via vectors related to the R3 dissector
version 7
refmap via4
confirm
sectrack 1027094
secunia 49226
Last major update 06-11-2012 - 00:14
Published 30-06-2012 - 06:15
Last modified 18-09-2017 - 21:35