Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 430630

Summary: <net-analyzer/wireshark-{1.6.9,1.8.1}: It may be possible to make Wireshark crash by injecting a malformed packet (CVE-2012-4048)
Product: Gentoo Security Reporter: Giuseppe <gentoosecurity.pes>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor    
Priority: Low    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.mandriva.com/security/
Whiteboard: B4
Package list:
Runtime testing required: ---

Description Giuseppe 2012-08-09 16:30:02 UTC 
From : security@m​andriva.com

Reference: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
http://www.wireshark.org/security/wnpa-sec-2012-11.html

Multiple vulnerabilities was found and corrected in Wireshark:

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file (CVE-2012-4048).

This advisory provides the latest version of Wireshark (1.4.14,
1.6.8) which is not vulnerable to these issues.

Reference: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
http://www.wireshark.org/security/wnpa-sec-2012-11.html
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2012-08-09 18:41:28 UTC 

*** This bug has been marked as a duplicate of bug 427964 ***