Lucene search

MitreCVE-2012-4287

HistoryAug 16, 2012 - 10:38 a.m.

CVE-2012-4287

2012-08-1610:38:08

CWE-399

mitre

web.nvd.nist.gov

wireshark

cve-2012-4287

mongodb

dissector

denial of service

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.011

Percentile

84.8%

JSON

epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.

Affected configurations

Nvd

Node

sunsunosMatch5.11

Node

wiresharkwiresharkMatch1.8.0

wiresharkwiresharkMatch1.8.1

VendorProductVersionCPE
sunsunos5.11cpe:/o:sun:sunos:5.11:::

Vendor	Product	Version	CPE
sun	sunos	5.11	cpe:/o:sun:sunos:5.11:::

References

anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mongo.c?r1=44288&r2=44287&pathrev=44288

anonsvn.wireshark.org/viewvc?view=revision&revision=44288

secunia.com/advisories/50276

secunia.com/advisories/51363

secunia.com/advisories/54425

www.gentoo.org/security/en/glsa/glsa-201308-05.xml

www.securityfocus.com/bid/55035

www.wireshark.org/security/wnpa-sec-2012-14.html

blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3

bugs.wireshark.org/bugzilla/show_bug.cgi?id=7572

hermes.opensuse.org/messages/15514562

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15818

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.011

Percentile

84.8%

JSON

Related for CVE-2012-4287