CVE-2015-2189

NONE EPSS 90.5%
Published Mar 8, 201511y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 8, 2015 11y ago
Last Modified Jun 17, 2026 2w ago

Description

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

Threat Intelligence

EPSS Exploit Probability
90.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-189

Affected Products 24

VendorProductVersionRange
wiresharkwireshark1.10.0any
wiresharkwireshark1.10.1any
wiresharkwireshark1.10.2any
wiresharkwireshark1.10.3any
wiresharkwireshark1.10.4any
wiresharkwireshark1.10.5any
wiresharkwireshark1.10.6any
wiresharkwireshark1.10.7any
wiresharkwireshark1.10.8any
wiresharkwireshark1.10.9any
wiresharkwireshark1.10.10any
wiresharkwireshark1.10.11any
wiresharkwireshark1.10.12any
wiresharkwireshark1.12.0any
wiresharkwireshark1.12.1any
wiresharkwireshark1.12.2any
wiresharkwireshark1.12.3any
oraclelinux7any
oraclesolaris11.2any
opensuseopensuse13.1any
opensuseopensuse13.2any
debiandebian_linux7.0any
debiandebian_linux8.0any
mageiamageia4.0any

References 13

  • advisories.mageia.org http://advisories.mageia.org/MGASA-2015-0117.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-1460.html
  • debian.org http://www.debian.org/security/2015/dsa-3210
    Third Party Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:183
    Broken Link
  • oracle.com http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
    Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/72944
  • securitytracker.com http://www.securitytracker.com/id/1031858
    Third Party AdvisoryVDB Entry
  • wireshark.org http://www.wireshark.org/security/wnpa-sec-2015-08.html
    Vendor Advisory
  • bugs.wireshark.org https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10895
    Issue Tracking
  • code.wireshark.org https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a835c85e3d662343d7283f1dcdacb8a11d1d0727
  • security.gentoo.org https://security.gentoo.org/glsa/201510-03

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.