4.3
CVSSv2

CVE-2015-8725

Published: 04/01/2016 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x prior to 1.12.9 and 2.0.x prior to 2.0.1 does not validate the IPv6 prefix length, which allows remote malicious users to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

Vulnerable Product Search on Vulmon Subscribe to Product

wireshark wireshark 2.0.0

wireshark wireshark 1.12.4

wireshark wireshark 1.12.5

wireshark wireshark 1.12.0

wireshark wireshark 1.12.2

wireshark wireshark 1.12.1

wireshark wireshark 1.12.7

wireshark wireshark 1.12.6

wireshark wireshark 1.12.3

wireshark wireshark 1.12.8

Vendor Advisories

Multiple vulnerabilities were discovered in the dissectors/parsers for Pcapng, NBAP, UMTS FP, DCOM, AllJoyn, T38, SDP, NLM, DNS, BED, SCTP, 80211, DIAMETER, VeriWave, RVSP, ANSi A, GSM A, Ascend, NBAP, ZigBee ZCL and Sniffer which could result in denial of service For the oldstable distribution (wheezy), these problems have been fixed in version ...
The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameterc in the DIAMETER dissector in Wireshark 112x before 1129 and 20x before 201 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet ...

Exploits

Source: codegooglecom/p/google-security-research/issues/detail?id=644 The following crash due to a stack-based buffer overflow can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark ("$ /tshark -nVxr /path/to/file"): --- cut --- ==4567==ERROR: AddressSanitizer: stack-buffer-overflow on ...