Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2015-2187
Last Modified: 23 Mar 2015 10:02:37
Published: 07 Mar 2015 09:59:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2015-2187

Summary

The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • Wireshark 1.12.0

  • Wireshark 1.12.1

  • Wireshark 1.12.2

  • Wireshark 1.12.3


References

CONFIRM - https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1a3dd349233a4ee3e69295c8e79f9a216027037e

CONFIRM - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9952

CONFIRM - http://www.wireshark.org/security/wnpa-sec-2015-06.html

SUSE - openSUSE-SU-2015:0489

SECTRACK - 1031858


Last Updated: 27 May 2016 11:08:08