CVE-2015-8742
Gentoo Linux Security Advisory 201604-05
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
La función dissect_CPMSetBindings en epan/dissectors/packet-mswsp.c en el disector MS-WSP en Wireshark 2.0.x en versiones anteriores a 2.0.1 no valida el tamaño de la columna, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria o caída de aplicación) a través de un paquete manipulado.
Multiple vulnerabilities have been found in Wireshark, allowing local attackers to escalate privileges and remote attackers to cause Denial of Service. Versions less than 2.0.2 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-03 CVE Reserved
- 2016-01-04 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1034551 | Vdb Entry | |
| https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11931 | X_refsource_confirm | |
| https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=d48b0eff28c995947ac3f8d842ddd9b50dd5798d | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.wireshark.org/security/wnpa-sec-2015-60.html | 2023-11-07 | |
| https://security.gentoo.org/glsa/201604-05 | 2023-11-07 |