Remote Denial of Service in Wireshark DCP ETSI Dissector
CVE-2012-4285

Currently unrated

Key Information:

Vendor: Oracle
Status: Sunos; Enterprise Linux; Opensuse
Vendor: CVE Published:; 16 August 2012

Summary

The DCP ETSI dissector in Wireshark versions 1.4.x prior to 1.4.15, 1.6.x prior to 1.6.10, and 1.8.x prior to 1.8.2 contains a vulnerability in the dissect_pft function, which allows remote attackers to trigger a denial of service condition. Specifically, an attacker can exploit this vulnerability by sending a zero-length message, resulting in a divide-by-zero error that crashes the application. This issue highlights the importance of validating input data in network protocol analysis tools to avert potential disruptions.

References

http://www.securityfocus.com/bid/55035

vdb-entryx_refsource_BID

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors...

x_refsource_CONFIRM

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7566

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 16, 2012
Vulnerability Reserved
Aug 14, 2012