CVE-2015-2187

2015-03-0802:59:01

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.8

Confidence

High

EPSS

0.003

Percentile

71.2%

JSON

The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.

Affected configurations

Nvd

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

wiresharkwiresharkMatch1.12.0

wiresharkwiresharkMatch1.12.1

wiresharkwiresharkMatch1.12.2

wiresharkwiresharkMatch1.12.3

VendorProductVersionCPE
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
wiresharkwireshark1.12.0cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
wiresharkwireshark1.12.1cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*
wiresharkwireshark1.12.2cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*
wiresharkwireshark1.12.3cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
wireshark	wireshark	1.12.0	cpe:2.3:a:wireshark:wireshark:1.12.0:::::::*
wireshark	wireshark	1.12.1	cpe:2.3:a:wireshark:wireshark:1.12.1:::::::*
wireshark	wireshark	1.12.2	cpe:2.3:a:wireshark:wireshark:1.12.2:::::::*
wireshark	wireshark	1.12.3	cpe:2.3:a:wireshark:wireshark:1.12.3:::::::*