Published: 08/03/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x prior to 1.10.13 and 1.12.x prior to 1.12.4 allows remote malicious users to cause a denial of service (infinite loop) via a crafted length field in a packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
debian debian linux 7.0
mageia mageia 4.0
wireshark wireshark 1.10.8
wireshark wireshark 1.12.0
wireshark wireshark 1.10.6
wireshark wireshark 1.10.9
wireshark wireshark 1.10.12
wireshark wireshark 1.10.10
wireshark wireshark 1.10.0
wireshark wireshark 1.12.2
wireshark wireshark 1.10.3
wireshark wireshark 1.10.2
wireshark wireshark 1.10.1
wireshark wireshark 1.12.1
wireshark wireshark 1.10.7
wireshark wireshark 1.10.4
wireshark wireshark 1.12.3
wireshark wireshark 1.10.5
wireshark wireshark 1.10.11
opensuse opensuse 13.1
opensuse opensuse 13.2

Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service For the stable distribution (wheezy), these problems have been fixed in version 182-5wheezy15 For the upcoming stable distribution (jessie), these problems have been fixed in version 1121+g01b65bf-4 For the uns ...

Debian Bug report logs - #776135 wireshark: Multiple security issues in 1122 and prior versions Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: balint@balintreczeyhu Date: Sat, 24 Jan 2015 10:51:01 UTC Severity: ...

Debian Bug report logs - #780372 CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Th ...

Several denial of service flaws were found in Wireshark Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713, CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191) ...

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnefc in the TNEF dissector in Wireshark 110x before 11013 and 112x before 1124 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet ...

CWE-189 http://www.wireshark.org/security/wnpa-sec-2015-10.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023 http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html http://www.securitytracker.com/id/1031858 http://www.mandriva.com/security/advisories?name=MDVSA-2015:183 http://advisories.mageia.org/MGASA-2015-0117.html http://www.debian.org/security/2015/dsa-3210 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72941 https://security.gentoo.org/glsa/201510-03 http://rhn.redhat.com/errata/RHSA-2015-1460.html https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=608cf324b3962877e9699f3e81e8f82ac9f1ea14 https://nvd.nist.gov https://www.debian.org/security/./dsa-3210 https://access.redhat.com/security/cve/cve-2015-2191

CVE-2015-2191

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect