Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2015-4651

Published: 22/07/2015 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Wireshark

Vulnerability Summary

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x prior to 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote malicious users to cause a denial of service (application crash) via a crafted packet.

Vulnerable Product Search on Vulmon Subscribe to Product

wireshark wireshark 1.12.4

wireshark wireshark 1.12.5

wireshark wireshark 1.12.0

wireshark wireshark 1.12.2

wireshark wireshark 1.12.1

wireshark wireshark 1.12.3

debian debian linux 8.0

oracle solaris 11.3

Vendor Advisories

Red Hat: CVE-2015-4651
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccpc in the WCCP dissector in Wireshark 112x before 1126 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet ...

References

CWE-399https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11153http://www.wireshark.org/security/wnpa-sec-2015-19.htmlhttp://www.debian.org/security/2015/dsa-3294http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlhttp://www.securityfocus.com/bid/75317http://www.securitytracker.com/id/1032662http://lists.opensuse.org/opensuse-updates/2015-07/msg00020.htmlhttps://security.gentoo.org/glsa/201510-03https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=524ed1df6e6126cd63ba419ccb82c83636d77ee4https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-4651
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook