CVE-2012-6057

2012-12-05 12:57:20 2017-09-19 03:35:32

The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Wireshark 1.8.3 Wireshark 1.8.2 Wireshark 1.8.1 Wireshark 1.8.0

Wireshark - Wireshark

Advisory	Patch	Confirmed	Link
			http://www.wireshark.org/security/wnpa-sec-2012-34.html
			openSUSE-SU-2013:0151
			openSUSE-SU-2012:1633
			http://anonsvn.wireshark.org/viewvc?view=revision&revisi...
			http://anonsvn.wireshark.org/viewvc/trunk/epan/dissector...
			https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800

CVE-2012-6057

2012-12-05 12:57:20 2017-09-19 03:35:32

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)