Lucene search

K

[email protected]NVD:CVE-2012-4292

HistoryAug 16, 2012 - 10:38 a.m.

CVE-2012-4292

2012-08-1610:38:08

CWE-20

[email protected]

web.nvd.nist.gov

8

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

69.3%

The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Affected configurations

Nvd

Node

wiresharkwiresharkMatch1.6.0

OR

wiresharkwiresharkMatch1.6.1

OR

wiresharkwiresharkMatch1.6.2

OR

wiresharkwiresharkMatch1.6.3

OR

wiresharkwiresharkMatch1.6.4

OR

wiresharkwiresharkMatch1.6.5

OR

wiresharkwiresharkMatch1.6.6

OR

wiresharkwiresharkMatch1.6.7

OR

wiresharkwiresharkMatch1.6.8

OR

wiresharkwiresharkMatch1.6.9

Node

opensuseopensuseMatch11.4

OR

opensuseopensuseMatch12.1

OR

sunsunosMatch5.11

Node

wiresharkwiresharkMatch1.8.0

OR

wiresharkwiresharkMatch1.8.1

Node

wiresharkwiresharkMatch1.4.0

OR

wiresharkwiresharkMatch1.4.1

OR

wiresharkwiresharkMatch1.4.2

OR

wiresharkwiresharkMatch1.4.3

OR

wiresharkwiresharkMatch1.4.4

OR

wiresharkwiresharkMatch1.4.5

OR

wiresharkwiresharkMatch1.4.6

OR

wiresharkwiresharkMatch1.4.7

OR

wiresharkwiresharkMatch1.4.8

OR

wiresharkwiresharkMatch1.4.9

OR

wiresharkwiresharkMatch1.4.10

OR

wiresharkwiresharkMatch1.4.11

OR

wiresharkwiresharkMatch1.4.12

OR

wiresharkwiresharkMatch1.4.13

OR

wiresharkwiresharkMatch1.4.14

References

anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366

anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380

anonsvn.wireshark.org/viewvc?view=revision&revision=44366

anonsvn.wireshark.org/viewvc?view=revision&revision=44380

lists.opensuse.org/opensuse-updates/2012-08/msg00033.html

secunia.com/advisories/50276

secunia.com/advisories/51363

secunia.com/advisories/54425

www.gentoo.org/security/en/glsa/glsa-201308-05.xml

www.securityfocus.com/bid/55035

www.wireshark.org/security/wnpa-sec-2012-21.html

blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3

bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569

hermes.opensuse.org/messages/15514562

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

69.3%

Related for NVD:CVE-2012-4292

cve1 debiancve1 prion1 cvelist1 ubuntucve1 openvas18 nessus20 fedora2 securityvulns2 freebsd1 veracode24 amazon1 redhat1 centos1 oraclelinux1 gentoo1