Lucene search

[email protected]CVE-2015-2187

HistoryMar 08, 2015 - 2:59 a.m.

CVE-2015-2187

2015-03-0802:59:01

CWE-20

[email protected]

web.nvd.nist.gov

atn-cpdlc

wireshark

denial of service

stack memory corruption

cve-2015-2187

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.2%

JSON

The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.

Affected configurations

NVD

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

wiresharkwiresharkMatch1.12.0

wiresharkwiresharkMatch1.12.1

wiresharkwiresharkMatch1.12.2

wiresharkwiresharkMatch1.12.3

CPENameOperatorVersion
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2

References

lists.opensuse.org/opensuse-updates/2015-03/msg00038.html

www.securityfocus.com/bid/72940

www.securitytracker.com/id/1031858

www.wireshark.org/security/wnpa-sec-2015-06.html

bugs.wireshark.org/bugzilla/show_bug.cgi?id=9952

code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1a3dd349233a4ee3e69295c8e79f9a216027037e

security.gentoo.org/glsa/201510-03

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.2%

JSON

Related for CVE-2015-2187

debiancve1 cvelist1 prion1 ubuntucve1 nvd1 openvas3 kaspersky1 nessus3 gentoo1