CVE-2012-4298 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-1898 documents7 sources

Severity

5.4MEDIUMNVD

EPSS

0.9%

top 24.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark SUN Sunos

Timeline

PublishedAug 16

Latest updateMay 17

Description

Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 5.5 | Impact: 6.4

Affected Packages3 packages

▶Debianwireshark/wireshark< 1.8.2-1+3

▶NVDwireshark/wireshark1.8.0, 1.8.1+1

▶NVDsun/sunos5.11

Patches

Patch: anonsvn.wireshark.org ↗Patch: anonsvn.wireshark.org ↗

🔴Vulnerability Details

GHSA

GHSA-7qhq-gcwc-xffw: Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr↗2022-05-17

▶

CVEList

CVE-2012-4298: Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr↗2012-08-16

▶

OSV

CVE-2012-4298: Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr↗2012-08-16

▶

📋Vendor Advisories

Red Hat

wireshark: buffer overflow in Ixia IxVeriWave file parser (wnpa-sec-2012-25)↗2012-08-15

▶

Debian

CVE-2012-4298: wireshark - Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/v...↗2012

▶

💬Community

Bugzilla

CVE-2012-4298 wireshark: buffer overflow in Ixia IxVeriWave file parser (wnpa-sec-2012-25)↗2012-08-15

▶

Bugzilla

CVE-2012-4294 CVE-2012-4295 CVE-2012-4286 CVE-2012-4298 CVE-2012-4287 wireshark various flaws [fedora-rawhide]↗2012-08-15

▶