Published: 10/01/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x prior to 1.10.12 and 1.12.x prior to 1.12.3 allows remote malicious users to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 1.10.8
wireshark wireshark 1.12.0
wireshark wireshark 1.10.6
wireshark wireshark 1.10.9
wireshark wireshark 1.10.10
wireshark wireshark 1.10.0
wireshark wireshark 1.12.2
wireshark wireshark 1.10.3
wireshark wireshark 1.10.2
wireshark wireshark 1.10.1
wireshark wireshark 1.12.1
wireshark wireshark 1.10.7
wireshark wireshark 1.10.4
wireshark wireshark 1.10.5
wireshark wireshark 1.10.11
oracle solaris 11.2
oracle linux 7
debian debian linux 8.0
debian debian linux 7.0
opensuse opensuse 13.1
opensuse opensuse 13.2

Debian Bug report logs - #776135 wireshark: Multiple security issues in 1122 and prior versions Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: balint@balintreczeyhu Date: Sat, 24 Jan 2015 10:51:01 UTC Severity: ...

Debian Bug report logs - #780372 CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Th ...

Several denial of service flaws were found in Wireshark Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) ...

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utilsc in Wireshark 110x before 11012 and 112x before 1123 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session ...

CWE-119 http://www.wireshark.org/security/wnpa-sec-2015-05.html http://secunia.com/advisories/62612 http://secunia.com/advisories/62673 http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html http://www.debian.org/security/2015/dsa-3141 http://www.mandriva.com/security/advisories?name=MDVSA-2015:022 http://advisories.mageia.org/MGASA-2015-0019.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.securityfocus.com/bid/71922 http://rhn.redhat.com/errata/RHSA-2015-1460.html https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=d3581aecda62d2a51ea7088fd46975415b03ec57 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776135 https://access.redhat.com/security/cve/cve-2015-0564 https://alas.aws.amazon.com/ALAS-2015-580.html

CVE-2015-0564

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect