CVE-2012-3548 — Infinite Loop in Wireshark

CWE-399 CWE-835 — Infinite Loop7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 34.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedAug 30

Latest updateMay 17

Description

The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.8.2-2 (bookworm)

▶Debianwireshark/wireshark< 1.8.2-2+3

▶NVDwireshark/wireshark14 versions+13

Patches

Patch: bugs.wireshark.org ↗Patch: bugs.wireshark.org ↗

🔴Vulnerability Details

GHSA

GHSA-cj63-9m7p-vgfj: The dissect_drda function in epan/dissectors/packet-drda↗2022-05-17

▶

OSV

CVE-2012-3548: The dissect_drda function in epan/dissectors/packet-drda↗2012-08-30

▶

📋Vendor Advisories

Red Hat

1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector↗2012-08-21

▶

Debian

CVE-2012-3548: wireshark - The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x th...↗2012

▶

💬Community

Bugzilla

CVE-2012-3548 wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector [fedora-all]↗2012-08-29

▶

Bugzilla

CVE-2012-3548 wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector↗2012-08-21

▶