5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.004 Low
EPSS
Percentile
72.6%
CentOS Errata and Security Advisory CESA-2015:2393
The wireshark packages contain a network protocol analyzer used to capture
and browse the traffic running on a computer network.
Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191,
CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710,
CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562,
CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244,
CVE-2015-6245, CVE-2015-6246, CVE-2015-6248)
The CVE-2015-3182 issue was discovered by Martin Ε½ember of Red Hat.
The wireshark packages have been upgraded to upstream version 1.10.14,
which provides a number of bug fixes and enhancements over the previous
version. (BZ#1238676)
This update also fixes the following bug:
In addition, this update adds the following enhancement:
All wireshark users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. All running instances of
Wireshark must be restarted for the update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2015-November/028945.html
Affected packages:
wireshark
wireshark-devel
wireshark-gnome
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:2393
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | i686 | wireshark | <Β 1.10.14-7.el7 | wireshark-1.10.14-7.el7.i686.rpm |
CentOS | 7 | x86_64 | wireshark | <Β 1.10.14-7.el7 | wireshark-1.10.14-7.el7.x86_64.rpm |
CentOS | 7 | i686 | wireshark-devel | <Β 1.10.14-7.el7 | wireshark-devel-1.10.14-7.el7.i686.rpm |
CentOS | 7 | x86_64 | wireshark-devel | <Β 1.10.14-7.el7 | wireshark-devel-1.10.14-7.el7.x86_64.rpm |
CentOS | 7 | x86_64 | wireshark-gnome | <Β 1.10.14-7.el7 | wireshark-gnome-1.10.14-7.el7.x86_64.rpm |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.004 Low
EPSS
Percentile
72.6%