3.3

CVE-2012-4288

Exploit
Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.1
SunSunos Version5.11
WiresharkWireshark Version1.8.0
WiresharkWireshark Version1.8.1
WiresharkWireshark Version1.6.0
WiresharkWireshark Version1.6.1
WiresharkWireshark Version1.6.2
WiresharkWireshark Version1.6.3
WiresharkWireshark Version1.6.4
WiresharkWireshark Version1.6.5
WiresharkWireshark Version1.6.6
WiresharkWireshark Version1.6.7
WiresharkWireshark Version1.6.8
WiresharkWireshark Version1.6.9
WiresharkWireshark Version1.4.0
WiresharkWireshark Version1.4.1
WiresharkWireshark Version1.4.2
WiresharkWireshark Version1.4.3
WiresharkWireshark Version1.4.4
WiresharkWireshark Version1.4.5
WiresharkWireshark Version1.4.6
WiresharkWireshark Version1.4.7
WiresharkWireshark Version1.4.8
WiresharkWireshark Version1.4.9
WiresharkWireshark Version1.4.10
WiresharkWireshark Version1.4.11
WiresharkWireshark Version1.4.12
WiresharkWireshark Version1.4.13
WiresharkWireshark Version1.4.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.94% 0.775
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 6.5 2.9
AV:A/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/54425
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html
http://secunia.com/advisories/50276
http://secunia.com/advisories/51363
http://www.securityfocus.com/bid/55035
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
https://hermes.opensuse.org/messages/15514562
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-xtp.c?r1=44289&r2=44288&pathrev=44289
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44289
Patch
http://www.wireshark.org/security/wnpa-sec-2012-15.html
Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7571
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15789