Published: 08/03/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x prior to 1.10.13 and 1.12.x prior to 1.12.4 allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 1.10.8
wireshark wireshark 1.12.0
wireshark wireshark 1.10.6
wireshark wireshark 1.10.9
wireshark wireshark 1.10.12
wireshark wireshark 1.10.10
wireshark wireshark 1.10.0
wireshark wireshark 1.12.2
wireshark wireshark 1.10.3
wireshark wireshark 1.10.2
wireshark wireshark 1.10.1
wireshark wireshark 1.12.1
wireshark wireshark 1.10.7
wireshark wireshark 1.10.4
wireshark wireshark 1.12.3
wireshark wireshark 1.10.5
wireshark wireshark 1.10.11
oracle solaris 11.2
oracle linux 7
opensuse opensuse 13.1
opensuse opensuse 13.2
debian debian linux 8.0
debian debian linux 7.0
mageia mageia 4.0

Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service For the stable distribution (wheezy), these problems have been fixed in version 182-5wheezy15 For the upcoming stable distribution (jessie), these problems have been fixed in version 1121+g01b65bf-4 For the uns ...

Debian Bug report logs - #776135 wireshark: Multiple security issues in 1122 and prior versions Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: balint@balintreczeyhu Date: Sat, 24 Jan 2015 10:51:01 UTC Severity: ...

Debian Bug report logs - #780372 CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Th ...

Several denial of service flaws were found in Wireshark Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) ...

Off-by-one error in the pcapng_read function in wiretap/pcapngc in the pcapng file parser in Wireshark 110x before 11013 and 112x before 1124 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet ...

CWE-189 http://www.wireshark.org/security/wnpa-sec-2015-08.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10895 http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html http://www.securitytracker.com/id/1031858 http://www.mandriva.com/security/advisories?name=MDVSA-2015:183 http://advisories.mageia.org/MGASA-2015-0117.html http://www.debian.org/security/2015/dsa-3210 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/72944 https://security.gentoo.org/glsa/201510-03 http://rhn.redhat.com/errata/RHSA-2015-1460.html https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a835c85e3d662343d7283f1dcdacb8a11d1d0727 https://www.debian.org/security/./dsa-3210 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-2189

CVE-2015-2189

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect