Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-3825 — Integer Overflow or Wraparound in Wireshark

CWE-190 — Integer Overflow or Wraparound9 documents7 sources

Severity

3.3LOWNVD

EPSS

2.0%

top 16.19%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJun 30

Latest updateMay 17

Description

Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.6.8-1 (bookworm)

▶Debianwireshark/wireshark< 1.6.8-1+3

▶NVDwireshark/wireshark22 versions+21

🔴Vulnerability Details

GHSA

GHSA-w9xg-mh3r-5q8v: Multiple integer overflows in Wireshark 1↗2022-05-17

▶

OSV

CVE-2012-3825: Multiple integer overflows in Wireshark 1↗2012-06-30

▶

💥Exploits & PoCs

Exploit-DB

Wireshark - Multiple Dissector Denial of Service Vulnerabilities↗2012-05-24

▶

📋Vendor Advisories

Red Hat

wireshark: Integer overflows in BACapp and Bluetooth HCI dissectors, leading to DoS (wnpa-sec-2012-08)↗2012-04-16

▶

Debian

CVE-2012-3825: wireshark - Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6...↗2012

▶

💬Community

Bugzilla

CVE-2012-3825 wireshark: Integer overflows in BACapp and Bluetooth HCI dissectors, leading to DoS (wnpa-sec-2012-08)↗2012-07-02

▶

Bugzilla

CVE-2012-2392 wireshark: Infinite and large loops in ANSI MAP, ASF, IEEE 802.11, IEEE 802.3, and LTP dissectors (wnpa-sec-2012-08)↗2012-05-23

▶

Bugzilla

CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3825 CVE-2012-3826 wireshark various flaws [fedora-all]↗2012-05-23

▶