CVE-2012-4288

Published: Aug 16, 2012Modified: Apr 29, 2026

3.3

Vector

AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 6.5 / Impact: 2.9

Source: NVD

Description

Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.

Affected (30)

Products: Opensuse: Opensuse · Sun: Sunos · Wireshark: Wireshark

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Opensuse Opensuse	Version 12.1
Sun Sunos	Version 5.11

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.8.0
Wireshark Wireshark	Version 1.8.1

Configuration C

10 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.6.0
Wireshark Wireshark	Version 1.6.1
Wireshark Wireshark	Version 1.6.2
Wireshark Wireshark	Version 1.6.3
Wireshark Wireshark	Version 1.6.4
Wireshark Wireshark	Version 1.6.5
Wireshark Wireshark	Version 1.6.6
Wireshark Wireshark	Version 1.6.7
Wireshark Wireshark	Version 1.6.8
Wireshark Wireshark	Version 1.6.9

Configuration D

15 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.4.0
Wireshark Wireshark	Version 1.4.10
Wireshark Wireshark	Version 1.4.11
Wireshark Wireshark	Version 1.4.12
Wireshark Wireshark	Version 1.4.13
Wireshark Wireshark	Version 1.4.14
Wireshark Wireshark	Version 1.4.1
Wireshark Wireshark	Version 1.4.2
Wireshark Wireshark	Version 1.4.3
Wireshark Wireshark	Version 1.4.4
Wireshark Wireshark	Version 1.4.5
Wireshark Wireshark	Version 1.4.6
Wireshark Wireshark	Version 1.4.7
Wireshark Wireshark	Version 1.4.8
Wireshark Wireshark	Version 1.4.9

Related CWEs

References (26)

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-xtp.c?r1=44289&r2=44288&pathrev=44289

Source: cve@mitre.org

Patch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=44289

Source: cve@mitre.org

Patch

http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html

Source: cve@mitre.org

http://secunia.com/advisories/50276

Source: cve@mitre.org

http://secunia.com/advisories/51363

Source: cve@mitre.org

http://secunia.com/advisories/54425

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml

Source: cve@mitre.org

http://www.securityfocus.com/bid/55035

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2012-15.html

Source: cve@mitre.org

Vendor Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7571

Source: cve@mitre.org

Exploit

https://hermes.opensuse.org/messages/15514562

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15789

Source: cve@mitre.org

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-xtp.c?r1=44289&r2=44288&pathrev=44289

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=44289

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/50276

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/51363

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/54425

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/55035

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2012-15.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7571

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://hermes.opensuse.org/messages/15514562

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15789

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.