CVE-2012-2393

epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.

Read the notes from the security team

• How can I get the fixes?
• What do statuses mean?

Notes

References

• MITRE
• NVD
• Launchpad
• Debian

Other references

• http://www.wireshark.org/security/wnpa-sec-2012-09.html
• https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7133
• https://bugzilla.redhat.com/show_bug.cgi?id=824413
• http://www.openwall.com/lists/oss-security/2012/05/23/17
• https://www.cve.org/CVERecord?id=CVE-2012-2393