Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2190

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-2190
Last Modified 23 Mar 2015 10:02:40
Published 07 Mar 2015 09:59:04
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2190

Summary

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • Wireshark 1.12.0

  • Wireshark 1.12.1

  • Wireshark 1.12.2

  • Wireshark 1.12.3


References

CONFIRM - https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d1865e000ebedf49fc0d9f221a11d6af74360837

CONFIRM - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10983

CONFIRM - http://www.wireshark.org/security/wnpa-sec-2015-09.html

SUSE - openSUSE-SU-2015:0489

SECTRACK - 1031858


Last Updated: 27 May 2016 11:08:08