CVE-2012-3826

Wireshark 1.4.x < 1.4.13 and 1.6.x < 1.6.8 - Denial of Service via R3 Dissector Integer Underflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3826. PoCs published by Laurent Butti.

AI-analyzed exploit summary This exploit provides multiple PCAP files designed to trigger denial-of-service vulnerabilities in Wireshark versions 1.6.0-1.6.7 and 1.4.0-1.4.12. The PoC crashes the application by exploiting parsing flaws in network packet analysis.

Description

Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Laurent Butti · textdosmultiple
https://www.exploit-db.com/exploits/18919

This exploit provides multiple PCAP files designed to trigger denial-of-service vulnerabilities in Wireshark versions 1.6.0-1.6.7 and 1.4.0-1.4.12. The PoC crashes the application by exploiting parsing flaws in network packet analysis.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Wireshark 1.6.0-1.6.7, 1.4.0-1.4.12
No auth needed
Prerequisites: Access to send malicious PCAP files to a target running vulnerable Wireshark
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027094
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49226
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15536
Vendor Advisory x_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/security/wnpa-sec-2012-08.html

Scores

EPSS 0.0344
EPSS Percentile 87.4%

Details

CWE
CWE-189
Status published
Products (22)
wireshark/wireshark 1.4.0
wireshark/wireshark 1.4.1
wireshark/wireshark 1.4.2
wireshark/wireshark 1.4.3
wireshark/wireshark 1.4.4
wireshark/wireshark 1.4.5
wireshark/wireshark 1.4.6
wireshark/wireshark 1.4.7
wireshark/wireshark 1.4.8
wireshark/wireshark 1.4.9
... and 12 more
Published Jun 30, 2012
Tracked Since Feb 18, 2026