Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0563

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-0563
Last Modified 23 Mar 2015 10:02:11
Published 09 Jan 2015 09:59:41
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0563

Summary

epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Vulnerable Systems

Application

  • Wireshark 1.10.0

  • Wireshark 1.10.1

  • Wireshark 1.10.10

  • Wireshark 1.10.11

  • Wireshark 1.10.2

  • Wireshark 1.10.3

  • Wireshark 1.10.4

  • Wireshark 1.10.5

  • Wireshark 1.10.6

  • Wireshark 1.10.7

  • Wireshark 1.10.8

  • Wireshark 1.10.9

  • Wireshark 1.12.0

  • Wireshark 1.12.1

  • Wireshark 1.12.2


References

CONFIRM - https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=854157883bd1972e012c65c0418a9732ef5d9fb0

CONFIRM - https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=611cfd00c283e7a77a2f1fd89c01b0b9f691411b

CONFIRM - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10823

CONFIRM - http://www.wireshark.org/security/wnpa-sec-2015-04.html

SECUNIA - 62612

SUSE - openSUSE-SU-2015:0113

MANDRIVA - MDVSA-2015:022

CONFIRM - http://advisories.mageia.org/MGASA-2015-0019.html

Related Patches

Novell SUSE 2015:10279 wireshark security update for SLE 11 SP3 x86_64

Novell SUSE 2015:10279 wireshark security update for SLE 11 SP3 i586


Last Updated: 27 May 2016 11:07:30