we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability CVE-2012-4048 CVE-2012-4049

Wireshark: two denials of service

Synthesis of the vulnerability

Two vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service.
Impacted products: Debian, MBS, MES, Mandriva Linux, openSUSE, Solaris, SUSE Linux Enterprise Desktop, SLES, Wireshark.
Severity: 1/4.
Creation date: 24/07/2012.
Identifiers: BID-54649, CERTA-2012-AVI-401, CVE-2012-4048, CVE-2012-4049, DSA 2590-1, MDVSA-2012:125, MDVSA-2013:055, openSUSE-SU-2012:0930-1, SUSE-SU-2012:1168-1, VIGILANCE-VUL-11790, wnpa-sec-2012-11, wnpa-sec-2012-12.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can send a malicious PPP packet, in order to force Wireshark to use an invalid memory address. [severity:1/4; CVE-2012-4048, wnpa-sec-2012-11]

An attacker can send a NFS packet, in order to generate a large loop in Wireshark. [severity:1/4; CVE-2012-4049, wnpa-sec-2012-12]
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides a network vulnerability announce. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.