Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2015-2192
Last Modified 23 Mar 2015 10:02:42
Published 07 Mar 2015 09:59:06
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2192

Summary

Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • Wireshark 1.12.0

  • Wireshark 1.12.1

  • Wireshark 1.12.2

  • Wireshark 1.12.3


References

CONFIRM - https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c35ca6c051adb28c321db54cc138f18637977c9a

CONFIRM - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11024

CONFIRM - http://www.wireshark.org/security/wnpa-sec-2015-11.html

SUSE - openSUSE-SU-2015:0489

SECTRACK - 1031858


Last Updated: 27 May 2016 11:08:10