CVE-2012-4298

2012-08-16 12:38:09 2017-09-19 03:35:22

Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow.

Vector

ADJACENT_NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Sun SunOS (Solaris 11) 5.11

Wireshark 1.8.1 Wireshark 1.8.0

Sun - Sunos Wireshark - Wireshark

Advisory	Patch	Confirmed	Link
			openSUSE-SU-2012:1067
			https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533
			https://blogs.oracle.com/sunsecurity/entry/multiple_vuln...
			55035
			http://www.wireshark.org/security/wnpa-sec-2012-25.html
			GLSA-201308-05
			http://anonsvn.wireshark.org/viewvc?revision=44075&view=...
			http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?...

CVE-2012-4298

2012-08-16 12:38:09 2017-09-19 03:35:22

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)