CVE-2012-5240 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow7 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

1.0%

top 23.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedOct 4

Latest updateMay 17

Description

Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.

CVSS vector

AV:A/AC:L/C:P/I:P/A:PExploitability: 6.5 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.8.2-2 (bookworm)

▶Debianwireshark/wireshark< 1.8.2-2+3

▶NVDwireshark/wireshark1.8.0, 1.8.1, 1.8.2+2

🔴Vulnerability Details

GHSA

GHSA-2m57-99r8-vg66: Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp↗2022-05-17

▶

OSV

CVE-2012-5240: Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp↗2012-10-04

▶

📋Vendor Advisories

Red Hat

wireshark: Stack-based buffer overflow in the LDP dissector↗2012-10-02

▶

Debian

CVE-2012-5240: wireshark - Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in t...↗2012

▶

💬Community

Bugzilla

CVE-2012-5240 wireshark: Stack-based buffer overflow in the LDP dissector↗2012-10-03

▶

Bugzilla

CVE-2012-5240 CVE-2012-5238 wireshark various flaws [fedora-18]↗2012-10-03

▶