Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2393 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

3.3LOWNVD

EPSS

1.1%

top 22.25%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJun 30

Latest updateMay 17

Description

epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.6.8-1 (bookworm)

▶Debianwireshark/wireshark< 1.6.8-1+3

▶NVDwireshark/wireshark22 versions+21

Patches

Patch: anonsvn.wireshark.org ↗Patch: anonsvn.wireshark.org ↗

🔴Vulnerability Details

GHSA

GHSA-7w5p-q45r-56jc: epan/dissectors/packet-diameter↗2022-05-17

▶

OSV

CVE-2012-2393: epan/dissectors/packet-diameter↗2012-06-30

▶

💥Exploits & PoCs

Exploit-DB

Wireshark - DIAMETER Dissector Denial of Service↗2012-05-24

▶

📋Vendor Advisories

Red Hat

wireshark: Memory allocation flaw in the DIAMETER dissector (wnpa-sec-2012-09)↗2012-05-21

▶

Debian

CVE-2012-2393: wireshark - epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x b...↗2012

▶

💬Community

Bugzilla

CVE-2012-2393 wireshark: Memory allocation flaw in the DIAMETER dissector (wnpa-sec-2012-09)↗2012-05-23

▶

Bugzilla

CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3825 CVE-2012-3826 wireshark various flaws [fedora-all]↗2012-05-23

▶