CVE-2012-4048 — Code Injection in Wireshark

CWE-94 — Code Injection CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

3.3LOWNVD

EPSS

0.2%

top 56.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark Debian Linux

Timeline

PublishedJul 24

Latest updateMay 17

Description

The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.8.2-1 (bookworm)

▶Debianwireshark/wireshark< 1.8.2-1+3

▶NVDwireshark/wireshark24 versions+23

Also affects: Debian Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-56x6-q6ph-hm88: The PPP dissector in Wireshark 1↗2022-05-17

▶

OSV

CVE-2012-4048: The PPP dissector in Wireshark 1↗2012-07-24

▶

📋Vendor Advisories

Red Hat

wireshark: Out-of-bounds memory write in PPP dissector↗2012-07-22

▶

Debian

CVE-2012-4048: wireshark - The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8....↗2012

▶

💬Community

Bugzilla

CVE-2012-4048 CVE-2012-4049 wireshark: Out-of-bounds memory write in PPP dissector [fedora-all]↗2012-07-24

▶

Bugzilla

CVE-2012-4048 wireshark: Out-of-bounds memory write in PPP dissector↗2012-07-24

▶