CVE-2015-2192
Gentoo Linux Security Advisory 201510-03
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
Desbordamiento de enteros en la función dissect_osd2_cdb_continuation en epan/dissectors/packet-scsi-osd.c en el disector SCSI OSD en Wireshark 1.12.x anterior a 1.12.4 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un campo de longitud manipulado en un paquete.
Multiple vulnerabilities have been found in Wireshark, allowing attackers to cause Denial of Service condition. Versions less than 1.12.7 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-03-02 CVE Reserved
- 2015-03-08 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/72937 | Vdb Entry | |
| http://www.securitytracker.com/id/1031858 | Vdb Entry | |
| https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11024 | X_refsource_confirm | |
| https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=c35ca6c051adb28c321db54cc138f18637977c9a | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html | 2023-11-07 | |
| http://www.wireshark.org/security/wnpa-sec-2015-11.html | 2023-11-07 | |
| https://security.gentoo.org/glsa/201510-03 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.12.0 Search vendor "Wireshark" for product "Wireshark" and version "1.12.0" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.12.1 Search vendor "Wireshark" for product "Wireshark" and version "1.12.1" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.12.2 Search vendor "Wireshark" for product "Wireshark" and version "1.12.2" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 1.12.3 Search vendor "Wireshark" for product "Wireshark" and version "1.12.3" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||