Published: 08/03/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x prior to 1.10.13 and 1.12.x prior to 1.12.4 does not properly initialize a data structure, which allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 1.10.8
wireshark wireshark 1.12.0
wireshark wireshark 1.10.6
wireshark wireshark 1.10.9
wireshark wireshark 1.10.12
wireshark wireshark 1.10.10
wireshark wireshark 1.10.0
wireshark wireshark 1.12.2
wireshark wireshark 1.10.3
wireshark wireshark 1.10.2
wireshark wireshark 1.10.1
wireshark wireshark 1.12.1
wireshark wireshark 1.10.7
wireshark wireshark 1.10.4
wireshark wireshark 1.12.3
wireshark wireshark 1.10.5
wireshark wireshark 1.10.11
mageia mageia 4.0
opensuse opensuse 13.1
opensuse opensuse 13.2
debian debian linux 8.0
debian debian linux 7.0
oracle solaris 11.2
oracle linux 7

Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service For the stable distribution (wheezy), these problems have been fixed in version 182-5wheezy15 For the upcoming stable distribution (jessie), these problems have been fixed in version 1121+g01b65bf-4 For the uns ...

Debian Bug report logs - #776135 wireshark: Multiple security issues in 1122 and prior versions Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: balint@balintreczeyhu Date: Sat, 24 Jan 2015 10:51:01 UTC Severity: ...

Debian Bug report logs - #780372 CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Th ...

epan/dissectors/packet-wcpc in the WCP dissector in Wireshark 110x before 11013 and 112x before 1124 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression ...

CWE-19 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10844 http://www.wireshark.org/security/wnpa-sec-2015-07.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html http://www.securitytracker.com/id/1031858 http://www.mandriva.com/security/advisories?name=MDVSA-2015:183 http://advisories.mageia.org/MGASA-2015-0117.html http://www.debian.org/security/2015/dsa-3210 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/72942 https://security.gentoo.org/glsa/201510-03 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b204ff4846fe84b7789893c6b1d9afbdecac5b5d https://nvd.nist.gov https://www.debian.org/security/./dsa-3210 https://access.redhat.com/security/cve/cve-2015-2188

CVE-2015-2188

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect