CVE-2012-4297

Published: Aug 16, 2012Modified: Apr 29, 2026

8.3

Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 6.5 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet.

Affected (13)

Products: Wireshark: Wireshark · Sun: Sunos

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.8.0
Wireshark Wireshark	Version 1.8.1

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.6.0
Wireshark Wireshark	Version 1.6.1
Wireshark Wireshark	Version 1.6.2
Wireshark Wireshark	Version 1.6.3
Wireshark Wireshark	Version 1.6.4
Wireshark Wireshark	Version 1.6.5
Wireshark Wireshark	Version 1.6.6
Wireshark Wireshark	Version 1.6.7
Wireshark Wireshark	Version 1.6.8
Wireshark Wireshark	Version 1.6.9

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Sun Sunos	Version 5.11

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (24)

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_rlcmac.h?r1=44307&r2=44306&pathrev=44307

Source: cve@mitre.org

Patch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=44307

Source: cve@mitre.org

Patch

http://secunia.com/advisories/50276

Source: cve@mitre.org

http://secunia.com/advisories/51363

Source: cve@mitre.org

http://secunia.com/advisories/54425

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml

Source: cve@mitre.org

http://www.securityfocus.com/bid/55035

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2012-19.html

Source: cve@mitre.org

Vendor Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7561

Source: cve@mitre.org

https://hermes.opensuse.org/messages/15514562

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15741

Source: cve@mitre.org

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_rlcmac.h?r1=44307&r2=44306&pathrev=44307

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=44307

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/50276

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/51363

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/54425

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/55035

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2012-19.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7561

Source: af854a3a-2127-422b-91ae-364da2661108

https://hermes.opensuse.org/messages/15514562

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15741

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.