CVE-2012-4297
HIGH severity · CVSS 8.3 · Memory corruption
8.3CVSS HIGH
Summary
Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet.
Impact & exploitability
Attack vectorAdjacent
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)2%
AV:A/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_rlcmac.h?r1=44307&r2=44306&pathrev=44307 ↗
Additional information
- NVD record
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_rlcmac.h?r1=44307&r2=44306&pathrev=44307Patch
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=44307Patch
- http://www.wireshark.org/security/wnpa-sec-2012-19.htmlAdvisory
- http://secunia.com/advisories/50276
- http://secunia.com/advisories/51363
- http://secunia.com/advisories/54425
- http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
- http://www.securityfocus.com/bid/55035