Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2394 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

3.3LOWNVD

EPSS

1.5%

top 18.57%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJun 30

Latest updateMay 17

Description

Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.6.8-1 (bookworm)

▶Debianwireshark/wireshark< 1.6.8-1+3

▶NVDwireshark/wireshark23 versions+22

Patches

Patch: anonsvn.wireshark.org ↗Patch: anonsvn.wireshark.org ↗

🔴Vulnerability Details

GHSA

GHSA-v655-fcfg-w756: Wireshark 1↗2022-05-17

▶

OSV

CVE-2012-2394: Wireshark 1↗2012-06-30

▶

💥Exploits & PoCs

Exploit-DB

Wireshark - Misaligned Memory Denial of Service↗2012-05-24

▶

📋Vendor Advisories

Red Hat

wireshark: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)↗2012-05-21

▶

Debian

CVE-2012-2394: wireshark - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium pl...↗2012

▶

💬Community

Bugzilla

CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3825 CVE-2012-3826 wireshark various flaws [fedora-all]↗2012-05-23

▶

Bugzilla

CVE-2012-2394 wireshark: Denial of service (crash) due memory alignment problem on SPARC and Itanium processors (wnpa-sec-2012-10)↗2012-05-23

▶