CVE-2012-6061

Severity

50%

Complexity

99%

Confidentiality

48%

The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted value in a packet.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Wireshark

First reported 12 years ago

2012-12-05 11:57:00

Last updated 7 years ago

2017-09-19 01:35:00

Affected Software

Wireshark 1.6.0

1.6.0

Wireshark 1.6.1

1.6.1

Wireshark 1.6.2

1.6.2

Wireshark 1.6.3

1.6.3

Wireshark 1.6.4

1.6.4

Wireshark 1.6.5

1.6.5

Wireshark 1.6.6

1.6.6

Wireshark 1.6.7

1.6.7

Wireshark 1.6.8

1.6.8

Wireshark 1.6.9

1.6.9

Wireshark 1.6.10

1.6.10

Wireshark 1.6.11

1.6.11

Wireshark 1.8.0

1.8.0

Wireshark 1.8.1

1.8.1

Wireshark 1.8.2

1.8.2

Wireshark 1.8.3

1.8.3

References

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-wtp.c?r1=45614&r2=45613&pathrev=45614

Exploit, Vendor Advisory

http://anonsvn.wireshark.org/viewvc?view=revision&revision=45614

openSUSE-SU-2012:1633

openSUSE-SU-2013:0151

RHSA-2014:0341

http://www.wireshark.org/security/wnpa-sec-2012-37.html

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7869