CVE-2012-4292

Published: Aug 16, 2012Modified: Apr 29, 2026

3.3

Vector

AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 6.5 / Impact: 2.9

Source: NVD

Description

The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Affected (30)

Products: Wireshark: Wireshark · Opensuse: Opensuse · Sun: Sunos

1 product

1 product

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.6.0
Wireshark Wireshark	Version 1.6.1
Wireshark Wireshark	Version 1.6.2
Wireshark Wireshark	Version 1.6.3
Wireshark Wireshark	Version 1.6.4
Wireshark Wireshark	Version 1.6.5
Wireshark Wireshark	Version 1.6.6
Wireshark Wireshark	Version 1.6.7
Wireshark Wireshark	Version 1.6.8
Wireshark Wireshark	Version 1.6.9

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Opensuse Opensuse	Version 12.1
Sun Sunos	Version 5.11

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.8.0
Wireshark Wireshark	Version 1.8.1

Configuration D

15 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.4.0
Wireshark Wireshark	Version 1.4.10
Wireshark Wireshark	Version 1.4.11
Wireshark Wireshark	Version 1.4.12
Wireshark Wireshark	Version 1.4.13
Wireshark Wireshark	Version 1.4.14
Wireshark Wireshark	Version 1.4.1
Wireshark Wireshark	Version 1.4.2
Wireshark Wireshark	Version 1.4.3
Wireshark Wireshark	Version 1.4.4
Wireshark Wireshark	Version 1.4.5
Wireshark Wireshark	Version 1.4.6
Wireshark Wireshark	Version 1.4.7
Wireshark Wireshark	Version 1.4.8
Wireshark Wireshark	Version 1.4.9

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (30)

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366

Source: cve@mitre.org

Patch

http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380

Source: cve@mitre.org

Patch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366

Source: cve@mitre.org

Patch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html

Source: cve@mitre.org

http://secunia.com/advisories/50276

Source: cve@mitre.org

http://secunia.com/advisories/51363

Source: cve@mitre.org

http://secunia.com/advisories/54425

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml

Source: cve@mitre.org

http://www.securityfocus.com/bid/55035

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2012-21.html

Source: cve@mitre.org

Vendor Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569

Source: cve@mitre.org

Exploit

https://hermes.opensuse.org/messages/15514562

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158

Source: cve@mitre.org

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/50276

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/51363

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/54425

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/55035

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2012-21.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://hermes.opensuse.org/messages/15514562

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15158

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.