Integer Overflow Vulnerability in Wireshark XTP Dissector
CVE-2012-4288

Currently unrated

Key Information:

Vendor: Oracle
Status: Sunos; Opensuse
Vendor: CVE Published:; 16 August 2012

What is CVE-2012-4288?

An integer overflow vulnerability exists in the dissect_xtp_ecntl function of the XTP dissector in Wireshark. This flaw allows remote attackers to exploit it by sending a maliciously crafted value for span length, potentially leading to a denial of service through application crashes or infinite loops in affected versions of Wireshark.

References

http://www.securityfocus.com/bid/55035

vdb-entryx_refsource_BID

http://www.wireshark.org/security/wnpa-sec-2012-15.html

x_refsource_CONFIRM

http://secunia.com/advisories/54425

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2012
Vulnerability Reserved
Aug 14, 2012

Oracle

What is CVE-2012-4288?

References

Timeline