CVE Vulnerabilities

CVE-2012-6054

Published: Dec 05, 2012 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a denial of service (infinite loop) via a packet that is neither IPv4 nor IPv6.

Affected Software

Name Vendor Start Version End Version
Wireshark Wireshark 1.8.2 1.8.2
Wireshark Wireshark 1.8.3 1.8.3
Wireshark Wireshark 1.8.1 1.8.1
Wireshark Wireshark 1.8.0 1.8.0

References