ID CVE-2015-4651
Summary The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
References
Vulnerable Configurations
  • Wireshark 1.12.0
    cpe:2.3:a:wireshark:wireshark:1.12.0
  • Wireshark 1.12.1
    cpe:2.3:a:wireshark:wireshark:1.12.1
  • Wireshark Wireshark 1.12.2
    cpe:2.3:a:wireshark:wireshark:1.12.2
  • Wireshark 1.12.3
    cpe:2.3:a:wireshark:wireshark:1.12.3
  • Wireshark 1.12.4
    cpe:2.3:a:wireshark:wireshark:1.12.4
  • Wireshark Wireshark 1.12.5
    cpe:2.3:a:wireshark:wireshark:1.12.5
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
CVSS
Base: 5.0 (as of 18-10-2016 - 11:22)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3294.NASL
    description Multiple vulnerabilities were discovered in the dissectors for WCCP and GSM DTAP, which could result in denial of service. The oldstable distribution (wheezy) is not affected.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84350
    published 2015-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84350
    title Debian DSA-3294-1 : wireshark - security update
  • NASL family Windows
    NASL id WIRESHARK_1_12_6.NASL
    description The version of Wireshark installed on the remote Windows host is 1.12.x prior to 1.12.6. It is, therefore, affected by multiple denial of service vulnerabilities : - An unspecified flaw exists in the WCCP dissector. A remote attacker can exploit this flaw, by injecting a specially crafted packet or by convincing a user to open a malformed PCAP file, to crash the application. (CVE-2015-4651) - An unspecified flaw exists in the GSM DTAP dissector. A remote attacker can exploit this flaw, by injecting a specially crafted packet or by convincing a user to open a malformed PCAP file, to crash the application. (CVE-2015-4652) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 84398
    published 2015-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84398
    title Wireshark 1.12.x < 1.12.6 Multiple DoS Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-478.NASL
    description Wireshark was updated to 1.12.6 to fix two security issues. The following vulnerabilities were fixed : - CVE-2015-4651: The WCCP dissector crashed when reading specially crafted packages from the network or a capture files (wnpa-sec-2015-19, boo#935157). - CVE-2015-4652: The GSM DTAP dissector crashed when reading specially crafted packages from the network or a capture file (wnpa-sec-2015-20, boo#935158). This update also contains further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.6.html
    last seen 2019-02-21
    modified 2015-07-23
    plugin id 84657
    published 2015-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84657
    title openSUSE Security Update : wireshark (openSUSE-2015-478)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201510-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201510-03 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-10-10
    plugin id 86688
    published 2015-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86688
    title GLSA-201510-03 : Wireshark: Multiple vulnerabilities
refmap via4
bid 75317
confirm
debian DSA-3294
gentoo GLSA-201510-03
sectrack 1032662
suse openSUSE-SU-2015:1215
Last major update 23-12-2016 - 21:59
Published 21-07-2015 - 21:59
Last modified 30-06-2017 - 21:29
Back to Top