5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
51.0%
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
advisories.mageia.org/MGASA-2015-0117.html
lists.opensuse.org/opensuse-updates/2015-03/msg00038.html
rhn.redhat.com/errata/RHSA-2015-1460.html
www.debian.org/security/2015/dsa-3210
www.mandriva.com/security/advisories?name=MDVSA-2015:183
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
www.securityfocus.com/bid/72941
www.securitytracker.com/id/1031858
www.wireshark.org/security/wnpa-sec-2015-10.html
bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023
code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=608cf324b3962877e9699f3e81e8f82ac9f1ea14
security.gentoo.org/glsa/201510-03