ID CVE-2015-2188
Summary epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
References
Vulnerable Configurations
  • Wireshark 1.10.0
    cpe:2.3:a:wireshark:wireshark:1.10.0
  • Wireshark 1.10.1
    cpe:2.3:a:wireshark:wireshark:1.10.1
  • Wireshark 1.10.2
    cpe:2.3:a:wireshark:wireshark:1.10.2
  • Wireshark 1.10.3
    cpe:2.3:a:wireshark:wireshark:1.10.3
  • Wireshark 1.10.4
    cpe:2.3:a:wireshark:wireshark:1.10.4
  • Wireshark 1.10.5
    cpe:2.3:a:wireshark:wireshark:1.10.5
  • Wireshark 1.10.6
    cpe:2.3:a:wireshark:wireshark:1.10.6
  • Wireshark 1.10.7
    cpe:2.3:a:wireshark:wireshark:1.10.7
  • Wireshark 1.10.8
    cpe:2.3:a:wireshark:wireshark:1.10.8
  • Wireshark 1.10.9
    cpe:2.3:a:wireshark:wireshark:1.10.9
  • Wireshark 1.10.10
    cpe:2.3:a:wireshark:wireshark:1.10.10
  • Wireshark 1.10.11
    cpe:2.3:a:wireshark:wireshark:1.10.11
  • Wireshark 1.10.12
    cpe:2.3:a:wireshark:wireshark:1.10.12
  • Wireshark 1.12.0
    cpe:2.3:a:wireshark:wireshark:1.12.0
  • Wireshark 1.12.1
    cpe:2.3:a:wireshark:wireshark:1.12.1
  • Wireshark 1.12.2
    cpe:2.3:a:wireshark:wireshark:1.12.2
  • Wireshark 1.12.3
    cpe:2.3:a:wireshark:wireshark:1.12.3
  • Mageia 4.0
    cpe:2.3:o:mageia:mageia:4.0
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Oracle Linux 7.0
    cpe:2.3:o:oracle:linux:7.0
  • Oracle Solaris 11.2
    cpe:2.3:o:oracle:solaris:11.2
CVSS
Base: 5.0 (as of 21-11-2016 - 22:13)
Impact:
Exploitability:
CWE CWE-19
CAPEC
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
nessus via4
  • NASL family Windows
    NASL id WIRESHARK_1_12_4.NASL
    description The version of Wireshark installed on the remote Windows host is 1.10.x prior to 1.10.13, or 1.12.x prior to 1.12.4. It is, therefore, affected by denial of service vulnerabilities in the following items : - ATN-CPDLC dissector (CVE-2015-2187) - WCP dissector (CVE-2015-2188) - pcapng file parser (CVE-2015-2189) - LLDP dissector (CVE-2015-2190) - TNEF dissector (CVE-2015-2191) - SCSI OSD dissector (CVE-2015-2192) A remote attacker can exploit these vulnerabilities to cause Wireshark to crash or consume excessive CPU resources, either by injecting a specially crafted packet onto the wire or by convincing a user to read a malformed packet trace or PCAP file. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2015-05-24
    plugin id 81672
    published 2015-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81672
    title Wireshark 1.10.x < 1.10.13 / 1.12.x < 1.12.4 Multiple DoS Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-226.NASL
    description Wireshark was updated to 1.10.13 on openSUSE 13.1 to fix bugs and security issues. Wireshark was updated to 1.12.4 on openSUSE 13.2 to fix bugs and security issues. The following security issues were fixed in 1.10.13 : - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html The following security issues were fixed in 1.12.4 : - The ATN-CPDLC dissector could crash. wnpa-sec-2015-06 CVE-2015-2187 [bnc#920695] - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The LLDP dissector could crash. wnpa-sec-2015-09 CVE-2015-2190 [bnc#920698] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] - The SCSI OSD dissector could go into an infinite loop. wnpa-sec-2015-11 CVE-2015-2192 [bnc#920700] - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.4.html
    last seen 2018-09-02
    modified 2015-05-24
    plugin id 81869
    published 2015-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81869
    title openSUSE Security Update : wireshark (openSUSE-2015-226)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-198.NASL
    description The following vulnerabilities were discovered in the Squeeze's Wireshark version : CVE-2015-2188 The WCP dissector could crash CVE-2015-0564 Wireshark could crash while decrypting TLS/SSL sessions CVE-2015-0562 The DEC DNA Routing Protocol dissector could crash CVE-2014-8714 TN5250 infinite loops CVE-2014-8713 NCP crashes CVE-2014-8712 NCP crashes CVE-2014-8711 AMQP crash CVE-2014-8710 SigComp UDVM buffer overflow CVE-2014-6432 Sniffer file parser crash CVE-2014-6431 Sniffer file parser crash CVE-2014-6430 Sniffer file parser crash CVE-2014-6429 Sniffer file parser crash CVE-2014-6428 SES dissector crash CVE-2014-6423 MEGACO dissector infinite loop CVE-2014-6422 RTP dissector crash Since back-porting upstream patches to 1.2.11-6+squeeze15 did not fix all the outstanding issues and some issues are not even tracked publicly the LTS Team decided to sync squeeze-lts's wireshark package with wheezy-security to provide the best possible security support. Note that upgrading Wireshark from 1.2.x to 1.8.x introduces several backward-incompatible changes in package structure, shared library API/ABI, availability of dissectors and in syntax of command line parameters. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-07-06
    plugin id 83002
    published 2015-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83002
    title Debian DLA-198-1 : wireshark security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151119_WIRESHARK_ON_SL7_X.NASL
    description Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following bug : - Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the '-F' option. This bug has been fixed, the '-F' option is now honored, and the result saved in the .pcap format as expected. In addition, this update adds the following enhancement : - Previously, wireshark included only microseconds in the .pcapng format. With this update, wireshark supports nanosecond time stamp precision to allow for more accurate time stamps. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2018-09-01
    modified 2016-10-19
    plugin id 87578
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87578
    title Scientific Linux Security Update : wireshark on SL7.x x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2393.NASL
    description Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat. The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676) This update also fixes the following bug : * Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the '-F' option. This bug has been fixed, the '-F' option is now honored, and the result saved in the .pcap format as expected. (BZ#1227199) In addition, this update adds the following enhancement : * Previously, wireshark included only microseconds in the .pcapng format. With this update, wireshark supports nanosecond time stamp precision to allow for more accurate time stamps. 
    (BZ#1213339) All wireshark users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 87156
    published 2015-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87156
    title CentOS 7 : wireshark (CESA-2015:2393)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2393.NASL
    description From Red Hat Security Advisory 2015:2393 : Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat. The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676) This update also fixes the following bug : * Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the '-F' option. This bug has been fixed, the '-F' option is now honored, and the result saved in the .pcap format as expected. (BZ#1227199) In addition, this update adds the following enhancement : * Previously, wireshark included only microseconds in the .pcapng format. With this update, wireshark supports nanosecond time stamp precision to allow for more accurate time stamps. 
    (BZ#1213339) All wireshark users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 87038
    published 2015-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87038
    title Oracle Linux 7 : wireshark (ELSA-2015-2393)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201510-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201510-03 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2018-09-02
    modified 2016-10-10
    plugin id 86688
    published 2015-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86688
    title GLSA-201510-03 : Wireshark: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_WIRESHARK-150311.NASL
    description Wireshark was updated to version 1.10.13 fixing bugs and security issues : The following security issues have been fixed. - The WCP dissector could crash. wnpa-sec-2015-07 CVE-2015-2188 [bnc#920696] - The pcapng file parser could crash. wnpa-sec-2015-08 CVE-2015-2189 [bnc#920697] - The TNEF dissector could go into an infinite loop. wnpa-sec-2015-10 CVE-2015-2191 [bnc#920699] Further bug fixes and updated protocol support are listed in : https://www.wireshark.org/docs/relnotes/wireshark-1.10.13.html
    last seen 2018-09-01
    modified 2015-05-24
    plugin id 82523
    published 2015-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82523
    title SuSE 11.3 Security Update : wireshark (SAT Patch Number 10444)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-183.NASL
    description Updated wireshark package fixes security vulnerabilities : The WCP dissector could crash (CVE-2015-2188). The pcapng file parser could crash (CVE-2015-2189). The TNEF dissector could go into an infinite loop (CVE-2015-2191).
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 82458
    published 2015-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82458
    title Mandriva Linux Security Advisory : wireshark (MDVSA-2015:183)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2393.NASL
    description Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248) The CVE-2015-3182 issue was discovered by Martin Zember of Red Hat. The wireshark packages have been upgraded to upstream version 1.10.14, which provides a number of bug fixes and enhancements over the previous version. (BZ#1238676) This update also fixes the following bug : * Prior to this update, when using the tshark utility to capture packets over the interface, tshark failed to create output files in the .pcap format even if it was specified using the '-F' option. This bug has been fixed, the '-F' option is now honored, and the result saved in the .pcap format as expected. (BZ#1227199) In addition, this update adds the following enhancement : * Previously, wireshark included only microseconds in the .pcapng format. With this update, wireshark supports nanosecond time stamp precision to allow for more accurate time stamps. 
    (BZ#1213339) All wireshark users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. All running instances of Wireshark must be restarted for the update to take effect.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 86988
    published 2015-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86988
    title RHEL 7 : wireshark (RHSA-2015:2393)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3210.NASL
    description Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 82511
    published 2015-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82511
    title Debian DSA-3210-1 : wireshark - security update
redhat via4
rpms
  • wireshark-0:1.10.14-7.el7
  • wireshark-devel-0:1.10.14-7.el7
  • wireshark-gnome-0:1.10.14-7.el7
refmap via4
bid 72942
confirm
debian DSA-3210
gentoo GLSA-201510-03
mandriva MDVSA-2015:183
sectrack 1031858
suse openSUSE-SU-2015:0489
Last major update 28-11-2016 - 14:19
Published 07-03-2015 - 21:59
Last modified 30-10-2018 - 12:27