ID CVE-2015-3809
Summary The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
References
Vulnerable Configurations
  • cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 01-07-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 74632
confirm
debian DSA-3277
gentoo GLSA-201510-03
Last major update 01-07-2017 - 01:29
Published 26-05-2015 - 15:59
Back to Top