CVE-2012-2394
published 2012-06-30CVE-2012-2394: Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure…
PriorityP418low3.3CVSS 2.0
AVAACLAuNCNINAP
EXPLOIT
EPSS
3.98%
89.2th percentile
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wireshark | < wireshark 1.6.8-1 (bookworm) | wireshark 1.6.8-1 (bookworm) |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | >= 0 < 1.6.8-1 | 1.6.8-1 |
CVSS provenance
nvdv2.03.3LOWAV:A/AC:L/Au:N/C:N/I:N/A:P
osv3.3LOW
vendor_debian3.3LOW
vendor_redhat3.3LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
wireshark: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)
vendor_redhat·2012-05-21·CVSS 3.3
CVE-2012-2394 [LOW] wireshark: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)
wireshark: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
Statement: Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.
Package: wireshark (Red Hat Enterprise Linux 5) - Not affected
Package: wireshark (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2012-2394: wireshark - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium pl...
vendor_debian·2012·CVSS 3.3
CVE-2012-2394 [LOW] CVE-2012-2394: wireshark - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium pl...
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
Scope: local
bookworm: resolved (fixed in 1.6.8-1)
bullseye: resolved (fixed in 1.6.8-1)
forky: resolved (fixed in 1.6.8-1)
sid: resolved (fixed in 1.6.8-1)
trixie: resolved (fixed in 1.6.8-1)
GHSA
GHSA-v655-fcfg-w756: Wireshark 1
ghsa_unreviewed·2022-05-17
CVE-2012-2394 [LOW] CWE-119 GHSA-v655-fcfg-w756: Wireshark 1
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
OSV
CVE-2012-2394: Wireshark 1
osv·2012-06-30·CVSS 3.3
CVE-2012-2394 [LOW] CVE-2012-2394: Wireshark 1
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
No detection rules found.
Bugzilla
CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3825 CVE-2012-3826 wireshark various flaws [fedora-all]
bugzilla·2012-05-23·CVSS 3.3
CVE-2012-2392 [LOW] CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3825 CVE-2012-3826 wireshark various flaws [fedora-all]
CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3825 CVE-2012-3826 wireshark various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.
Bugzilla
CVE-2012-2394 wireshark: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)
bugzilla·2012-05-23·CVSS 3.3
CVE-2012-2394 [LOW] CVE-2012-2394 wireshark: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)
CVE-2012-2394 wireshark: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)
It was reported that on SPARC and Itanium processors Wireshark, the network traffic analyzer, could terminate (crash due to bus errors) while processing packet capture file containing ICMP echo or ICMPv6 echo requests.
Upstream bug:
[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
Upstream advisory:
[2] http://www.wireshark.org/security/wnpa-sec-2012-10.html
Discussion:
Created wireshark tracking bugs for this issue
Affects: fedora-all [bug 824426]
---
CVE Request:
[3] http://www.openwall.com/lists/oss-security/2012/05/23/10
---
Added CVE as per http://www.openwall.com/lists/oss-security/2012/05/23/17
---
The affected code segment does n
http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393http://secunia.com/advisories/49226http://www.mandriva.com/security/advisories?name=MDVSA-2012:015http://www.mandriva.com/security/advisories?name=MDVSA-2012:042http://www.mandriva.com/security/advisories?name=MDVSA-2012:080http://www.securityfocus.com/bid/53653http://www.securitytracker.com/id?1027094http://www.wireshark.org/security/wnpa-sec-2012-10.htmlhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393http://secunia.com/advisories/49226http://www.mandriva.com/security/advisories?name=MDVSA-2012:015http://www.mandriva.com/security/advisories?name=MDVSA-2012:042http://www.mandriva.com/security/advisories?name=MDVSA-2012:080http://www.securityfocus.com/bid/53653http://www.securitytracker.com/id?1027094http://www.wireshark.org/security/wnpa-sec-2012-10.htmlhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
2012-06-30
Published