CVE-2012-1596 — Wireshark vulnerability

CWE-3998 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

2.6%

top 14.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedApr 11

Latest updateMay 14

Description

The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.6.6-1 (bookworm)

▶Debianwireshark/wireshark< 1.6.6-1+3

▶NVDwireshark/wireshark18 versions+17

🔴Vulnerability Details

GHSA

GHSA-6w77-fgw8-8424: The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t↗2022-05-14

▶

OSV

CVE-2012-1596: The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t↗2012-04-11

▶

📋Vendor Advisories

Red Hat

wireshark: MP2T dissector memory allocation flaw↗2012-02-11

▶

Debian

CVE-2012-1596: wireshark - The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in...↗2012

▶

💬Community

Bugzilla

CVE-2012-1595 CVE-2012-1596 wireshark various flaws [fedora-15]↗2012-04-02

▶

Bugzilla

CVE-2012-1593 CVE-2012-1594 CVE-2012-1595 CVE-2012-1596 wireshark various flaws [fedora-16]↗2012-04-02

▶

Bugzilla

CVE-2012-1596 wireshark: MP2T dissector memory allocation flaw↗2012-03-28

▶