CVE-2012-1595 — Heap-based Buffer Overflow in Wireshark

CWE-399 CWE-122 — Heap-based Buffer Overflow10 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

1.0%

top 22.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedApr 11

Latest updateMay 14

Description

The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.6.6-1 (bookworm)

▶Debianwireshark/wireshark< 1.6.6-1+3

▶NVDwireshark/wireshark18 versions+17

🔴Vulnerability Details

GHSA

GHSA-478p-hcx8-x6c2: The pcap_process_pseudo_header function in wiretap/pcap-common↗2022-05-14

▶

OSV

CVE-2012-1595: The pcap_process_pseudo_header function in wiretap/pcap-common↗2012-04-11

▶

💥Exploits & PoCs

Exploit-DB

Apple iOS Mobile Mail - LibTIFF Buffer Overflow (Metasploit)↗2012-10-09

▶

Exploit-DB

Apple iOS Mobile Safari - LibTIFF Buffer Overflow (Metasploit)↗2012-10-09

▶

📋Vendor Advisories

Red Hat

wireshark: Heap-based buffer overflow when reading ERF packets from pcap/pcap-ng trace files↗2012-02-07

▶

Debian

CVE-2012-1595: wireshark - The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1....↗2012

▶

💬Community

Bugzilla

CVE-2012-1595 CVE-2012-1596 wireshark various flaws [fedora-15]↗2012-04-02

▶

Bugzilla

CVE-2012-1593 CVE-2012-1594 CVE-2012-1595 CVE-2012-1596 wireshark various flaws [fedora-16]↗2012-04-02

▶

Bugzilla

CVE-2012-1595 wireshark: Heap-based buffer overflow when reading ERF packets from pcap/pcap-ng trace files↗2012-03-28

▶