Vulnerability Details : CVE-2015-8738
The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-8738
Probability of exploitation activity in the next 30 days: 0.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-8738
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2015-8738
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8738
-
http://www.wireshark.org/security/wnpa-sec-2015-56.html
Wireshark · wnpa-sec-2015-56 · S7COMM dissector crashVendor Advisory
-
https://security.gentoo.org/glsa/201604-05
Wireshark: Multiple vulnerabilities (GLSA 201604-05) — Gentoo security
-
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=858c3f0079f987833fb22eba2c361d1a88ba4103
code.wireshark Code Review - wireshark.git/commit
-
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11823
11823 – Wireshark division by zero in s7comm_decode_ud_cpu_szl_subfunc
-
http://www.securitytracker.com/id/1034551
Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service - SecurityTracker
Products affected by CVE-2015-8738
- cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*