CVE-2012-4294 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark
Severity
5.8MEDIUMNVD
EPSS
3.4%
top 12.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedAug 16
Latest updateMay 17
Description
Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.
CVSS vector
AV:A/AC:L/C:P/I:P/A:PExploitability: 6.5 | Impact: 6.4
Affected Packages3 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-24mr-g54h-5fgj: Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf↗2022-05-17
GHSA▶
OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token↗2022-05-17
OSV▶
CVE-2012-4294: Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf↗2012-08-16
CVEList▶
CVE-2012-4294: Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf↗2012-08-16
📋Vendor Advisories
3Red Hat
▶
Debian▶
CVE-2012-4294: wireshark - Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissect...↗2012