CVE-2012-0067
published 2012-04-11CVE-2012-0067: wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNINAP
EXPLOIT
EPSS
6.60%
93.0th percentile
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wireshark | < wireshark 1.6.5-1 (bookworm) | wireshark 1.6.5-1 (bookworm) |
| redhat | enterprise_linux | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | >= 0 < 1.6.5-1 | 1.6.5-1 |
| wireshark | wireshark | >= 0 < 1.6.5-1 | 1.6.5-1 |
| wireshark | wireshark | >= 0 < 1.6.5-1 | 1.6.5-1 |
| wireshark | wireshark | >= 0 < 1.6.5-1 | 1.6.5-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
Wireshark: Dos due to integer overflow in IPTrace capture format parser
vendor_redhat·2012-01-10·CVSS 4.3
CVE-2012-0067 [MEDIUM] CWE-190 Wireshark: Dos due to integer overflow in IPTrace capture format parser
Wireshark: Dos due to integer overflow in IPTrace capture format parser
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
Package: wireshark (Red Hat Enterprise Linux 4) - Will not fix
Debian
CVE-2012-0067: wireshark - wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows...
vendor_debian·2012·CVSS 4.3
CVE-2012-0067 [MEDIUM] CVE-2012-0067: wireshark - wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows...
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
Scope: local
bookworm: resolved (fixed in 1.6.5-1)
bullseye: resolved (fixed in 1.6.5-1)
forky: resolved (fixed in 1.6.5-1)
sid: resolved (fixed in 1.6.5-1)
trixie: resolved (fixed in 1.6.5-1)
GHSA
GHSA-33pw-6955-4qx6: wiretap/iptrace
ghsa_unreviewed·2022-05-04
CVE-2012-0067 [MEDIUM] CWE-20 GHSA-33pw-6955-4qx6: wiretap/iptrace
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
OSV
CVE-2012-0067: wiretap/iptrace
osv·2012-04-11·CVSS 4.3
CVE-2012-0067 [MEDIUM] CVE-2012-0067: wiretap/iptrace
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
No detection rules found.
Bugzilla
CVE-2012-0067 Wireshark: Dos due to integer overflow in IPTrace capture format parser
bugzilla·2012-01-20·CVSS 4.3
CVE-2012-0067 [MEDIUM] CVE-2012-0067 Wireshark: Dos due to integer overflow in IPTrace capture format parser
CVE-2012-0067 Wireshark: Dos due to integer overflow in IPTrace capture format parser
An integer overflow flaw leading to denial of service (application crash) was found in the way wireshark parsed files in the IPTrace capture format. It may be possible to make Wireshark crash by convincing someone to read a malformed IPTrace packet capture file. This is corrected in upstream 1.4.11 and 1.6.5.
Reference:
http://www.wireshark.org/security/wnpa-sec-2012-01.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668
Patch:
http://anonsvn.wireshark.org/viewvc?view=revision&revision=40167
Discussion:
This issue affects the version of wireshark shipped with Fedora 15 and Fedora
16 and has been addressed in the following security advisories:
https://admin.fedoraproject.org/updates/wiresha
Bugzilla
CVE-2012-0041 CVE-2012-0042 CVE-2012-0043 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068 wireshark various flaws [fedora-all]
bugzilla·2012-01-13·CVSS 4.3
CVE-2012-0041 [MEDIUM] CVE-2012-0041 CVE-2012-0042 CVE-2012-0043 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068 wireshark various flaws [fedora-all]
CVE-2012-0041 CVE-2012-0042 CVE-2012-0043 CVE-2012-0066 CVE-2012-0067 CVE-2012-0068 wireshark various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.
http://anonsvn.wireshark.org/viewvc?view=revision&revision=40167http://rhn.redhat.com/errata/RHSA-2013-0125.htmlhttp://secunia.com/advisories/47494http://secunia.com/advisories/48947http://secunia.com/advisories/54425http://www.gentoo.org/security/en/glsa/glsa-201308-05.xmlhttp://www.openwall.com/lists/oss-security/2012/01/11/7http://www.openwall.com/lists/oss-security/2012/01/20/4http://www.wireshark.org/security/wnpa-sec-2012-01.htmlhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15192http://anonsvn.wireshark.org/viewvc?view=revision&revision=40167http://rhn.redhat.com/errata/RHSA-2013-0125.htmlhttp://secunia.com/advisories/47494http://secunia.com/advisories/48947http://secunia.com/advisories/54425http://www.gentoo.org/security/en/glsa/glsa-201308-05.xmlhttp://www.openwall.com/lists/oss-security/2012/01/11/7http://www.openwall.com/lists/oss-security/2012/01/20/4http://www.wireshark.org/security/wnpa-sec-2012-01.htmlhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15192
2012-04-11
Published