VulDB: Wireshark up to 1.6.7 denial of service [CVE-2012-2393]
General
scipID: 5443
Affected: Wireshark up to 1.6.7
Published: 05/22/2012
Risk: problematic
Entry: 82% complete
Created: 05/25/2012
Updated: 09/03/2012
Summary
A vulnerability was found in Wireshark up to 1.6.7 and has been declared problematic. It affects an unknown function. Manipulation with an unknown input leads to a denial of service, so the known impact is on availability.
The weakness was presented on 05/22/2012 as advisory wnpa-sec-2012-09, published as a knowledge base article (website). The advisory is available for download at wireshark.org. The public release was coordinated with the project team. The vulnerability has been known as CVE-2012-2393 since 04/19/2012. The attack can be launched remotely, and exploitation does not require any form of authentication. The technical details are unknown and an exploit is not publicly available.
Upgrading to version 1.6.8 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (82099) and Secunia (SA49226).
CVSS
Base Score: 7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | Medium | None | None | None | Complete |
Exploiting
Class: Denial of service
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: Wireshark 1.6.8
Timeline
04/19/2012 | CVE assigned
05/22/2012 | Advisory disclosed
05/22/2012 | Countermeasure disclosed
05/23/2012 | OSVDB entry created
05/25/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: wnpa-sec-2012-09
Coordinated: Yes
OSVDB: 82099
CVE: CVE-2012-2393 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49226



















