NVD Vulnerability Detail

CVE-2012-2394

Summary	Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.
Publication Date	June 30, 2012, 7:15 p.m.
Registration Date	Jan. 28, 2021, 2:58 p.m.
Last Update	Nov. 21, 2024, 10:39 a.m.

CVSS2.0 : LOW
Score	3.3
Vector	AV:A/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	隣接
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:wireshark:wireshark:1.4.8::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.5::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.0::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.2::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.0::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.6::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.8::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.5::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.11::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.13::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.10::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.4::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.3::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.1::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.2::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.7::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.4::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.8::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.9::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.13::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.2::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.12::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.5::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.10::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.3::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.12::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.7::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.9::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.2::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.1::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.1::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.3::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.7::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.6::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.4::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.4::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.7::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.0::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.11::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.5::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.3::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.6::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.1::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.6::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.0::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.8::::::itanium:

Related information, measures and tools

No	URL	タグ
1	http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393	Patch
2	http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393	Patch
3	http://secunia.com/advisories/49226
4	http://secunia.com/advisories/49226
5	http://www.mandriva.com/security/advisories?name=MDVSA-2012:015
6	http://www.mandriva.com/security/advisories?name=MDVSA-2012:015
7	http://www.mandriva.com/security/advisories?name=MDVSA-2012:042
8	http://www.mandriva.com/security/advisories?name=MDVSA-2012:042
9	http://www.mandriva.com/security/advisories?name=MDVSA-2012:080
10	http://www.mandriva.com/security/advisories?name=MDVSA-2012:080
11	http://www.securityfocus.com/bid/53653
12	http://www.securityfocus.com/bid/53653
13	http://www.securitytracker.com/id?1027094
14	http://www.securitytracker.com/id?1027094
15	http://www.wireshark.org/security/wnpa-sec-2012-10.html	Vendor Advisory
16	http://www.wireshark.org/security/wnpa-sec-2012-10.html	Vendor Advisory
17	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
18	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

SPARC および Itanium で稼働する Wireshark におけるサービス運用妨害 (DoS) の脆弱性

Title	SPARC および Itanium で稼働する Wireshark におけるサービス運用妨害 (DoS) の脆弱性
Summary	SPARC および Itanium プラットフォーム上で稼働する Wireshark は、特定の構造体メンバに対して、適切にデータを配置しないため、サービス運用妨害 (アプリケーションクラッシュ) 状態となる脆弱性が存在します。
Possible impacts	第三者により、(1) ICMP または (2) ICMPv6 エコー要求のパケットを介して、サービス運用妨害 (アプリケーションクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 21, 2012, midnight
Registration Date	July 3, 2012, 1:40 p.m.
Last Update	Sept. 24, 2012, 5:04 p.m.

Affected System

Wireshark

Wireshark 1.4.13 未満の 1.4.x

Wireshark 1.6.8 未満の 1.6.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-2394	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2394
National Vulnerability Database (NVD)
2	CVE-2012-2394	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2394

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Security Advisories
1	MDVSA-2012:015	http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:015
2	MDVSA-2012:042	http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:042
3	MDVSA-2012:080	http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:080
SECURITY BLOG
4	Multiple vulnerabilities in Wireshark	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark1
Wireshark
5	Revision 42393	http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393
Wireshark Bug Database
6	Bug 7221	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
Wireshark Security Advisories
7	wnpa-sec-2012-10	http://www.wireshark.org/security/wnpa-sec-2012-10.html

Change Log

No	Changed Details	Date of change
0	[2012年07月03日] 掲載 [2012年07月30日] ベンダ情報：Mandriva, Inc. (MDVSA-2012:080) を追加ベンダ情報：Mandriva, Inc. (MDVSA-2012:042) を追加ベンダ情報：Mandriva, Inc. (MDVSA-2012:015) を追加 [2012年09月24日] ベンダ情報：オラクル (Multiple vulnerabilities in Wireshark) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:wireshark:wireshark:1.4.8::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.5::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.0::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.2::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.0::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.6::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.8::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.5::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.11::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.13::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.10::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.4::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.3::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.1::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.2::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.7::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.4::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.8::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.9::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.13::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.2::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.12::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.5::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.10::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.3::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.12::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.7::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.9::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.2::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.1::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.1::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.3::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.7::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.6::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.4::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.4::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.7::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.0::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.11::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.5::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.3::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.6::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.4.1::::::itanium:
cpe:2.3:a:wireshark:wireshark:1.6.6::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.6.0::::::sparc:
cpe:2.3:a:wireshark:wireshark:1.4.8::::::itanium: