Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2189

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-2189
Last Modified 06 Apr 2015 10:00:54
Published 07 Mar 2015 09:59:03
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2189

Summary

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • Wireshark 1.10.0

  • Wireshark 1.10.1

  • Wireshark 1.10.10

  • Wireshark 1.10.11

  • Wireshark 1.10.12

  • Wireshark 1.10.2

  • Wireshark 1.10.3

  • Wireshark 1.10.4

  • Wireshark 1.10.5

  • Wireshark 1.10.6

  • Wireshark 1.10.7

  • Wireshark 1.10.8

  • Wireshark 1.10.9

  • Wireshark 1.12.0

  • Wireshark 1.12.1

  • Wireshark 1.12.2

  • Wireshark 1.12.3


References

CONFIRM - https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a835c85e3d662343d7283f1dcdacb8a11d1d0727

CONFIRM - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10895

CONFIRM - http://www.wireshark.org/security/wnpa-sec-2015-08.html

SUSE - openSUSE-SU-2015:0489

SECTRACK - 1031858

MANDRIVA - MDVSA-2015:183

CONFIRM - http://advisories.mageia.org/MGASA-2015-0117.html

DEBIAN - DSA-3210


Last Updated: 27 May 2016 11:08:00