Executive Summary

Informations
NameCVE-2012-1595First vendor Publication2012-04-11
VendorCveLast vendor Modification2013-01-03

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1595

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15548
 
Oval ID: oval:org.mitre.oval:def:15548
Title: Vulnerability in pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6
Description: The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1595
 Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15356
 
Oval ID: oval:org.mitre.oval:def:15356
Title: DEPRECATED: Vulnerability in pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6
Description: The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1595
 Version: 2
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Wireshark
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application18

Internal Sources (Detail)

SourceUrl
CONFIRMhttp://anonsvn.wireshark.org/viewvc?view=revision&revision=41008
http://www.wireshark.org/security/wnpa-sec-2012-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6804
MLISThttp://www.openwall.com/lists/oss-security/2012/03/28/13
SECUNIAhttp://secunia.com/advisories/48947
http://secunia.com/advisories/48986
SUSEhttp://lists.opensuse.org/opensuse-updates/2012-04/msg00060.html

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2013-05-10 22:36:06
  • Multiple Updates
2013-01-04 13:19:21
  • Multiple Updates