Vulnerability Details : CVE-2012-6062
The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-6062
Probability of exploitation activity in the next 30 days: 1.43%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 %
CVSS scores for CVE-2012-6062
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2012-6062
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6062
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html
  openSUSE-SU-2012:1633-1: moderate: wireshark to 1.8.4
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=45717
  code.wireshark Code Review - wireshark.git/tree
- http://rhn.redhat.com/errata/RHSA-2014-0341.html
  RHSA-2014:0341 - Security Advisory - Red Hat Customer Portal
- http://www.wireshark.org/security/wnpa-sec-2012-38.html
  Wireshark · wnpa-sec-2012-38 · Wireshark RTCP dissector infinite loop (Vendor Advisory)
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7879
  7879 – Buildbot crash output: fuzz-2012-10-19-32463.pcap (Exploit; Patch)
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html
  openSUSE-SU-2013:0151-1: moderate: wireshark to 1.8.4
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15894
  Repository / Oval Repository
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-rtcp.c?r1=45717&r2=45716&pathrev=45717
  code.wireshark Code Review - wireshark.git/tree (Exploit; Patch)
Products affected by CVE-2012-6062
- cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.6.11:*:*:*:*:*:*:*