Ubuntu.comUB:CVE-2012-4298CVE-2012-4298
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
92.0%
Integer signedness error in the vwr_read_rec_data_ethernet function in
wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before
1.8.2 allows user-assisted remote attackers to execute arbitrary code via a
crafted packet-trace file that triggers a buffer overflow.
References
anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075
anonsvn.wireshark.org/viewvc?revision=44075&view=revision
www.wireshark.org/security/wnpa-sec-2012-25.html
bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533
launchpad.net/bugs/cve/CVE-2012-4298
nvd.nist.gov/vuln/detail/CVE-2012-4298
security-tracker.debian.org/tracker/CVE-2012-4298
www.cve.org/CVERecord?id=CVE-2012-4298
Related
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
92.0%