Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0067Improper Input Validation in Wireshark

CWE-20Improper Input ValidationCWE-190Integer Overflow or Wraparound8 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
11.1%
top 6.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
WiresharkDebian WiresharkRedhat Enterprise Linux
Timeline
PublishedApr 11
Latest updateMay 4

Description

wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/wireshark< wireshark 1.6.5-1 (bookworm)
Debianwireshark/wireshark< 1.6.5-1+3
NVDwireshark/wireshark16 versions+15

Also affects: Enterprise Linux 5

Patches

Patch: anonsvn.wireshark.orgPatch: bugs.wireshark.orgPatch: anonsvn.wireshark.org

🔴Vulnerability Details

2
GHSA
GHSA-33pw-6955-4qx6: wiretap/iptrace2022-05-04
OSV
CVE-2012-0067: wiretap/iptrace2012-04-11

💥Exploits & PoCs

1
Exploit-DB
Wireshark - Buffer Underflow / Denial of Service2012-01-10

📋Vendor Advisories

2
Red Hat
Wireshark: Dos due to integer overflow in IPTrace capture format parser2012-01-10
Debian
CVE-2012-0067: wireshark - wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows...2012

💬Community

2
Bugzilla
CVE-2012-0067 Wireshark: Dos due to integer overflow in IPTrace capture format parser2012-01-20
Bugzilla
CVE-2012-0041 CVE-2012-0042 CVE-2012-0043 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068 wireshark various flaws [fedora-all]2012-01-13