CVE-2015-2187 : The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.

The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.

Published 2015-03-08 02:59:02

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2015-2187

Wireshark » Wireshark » Version: 1.12.0
cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.1
cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.2
cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.3
cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-2187

EPSS FAQ

0.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 46 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-2187

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2015-2187

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2187

http://www.wireshark.org/security/wnpa-sec-2015-06.html

Wireshark · wnpa-sec-2015-06 · ATN-CPDLC dissector crash
Vendor Advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1a3dd349233a4ee3e69295c8e79f9a216027037e
http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html

openSUSE-SU-2015:0489-1: moderate: Security update for wireshark

CVEs referencing this url
http://www.securitytracker.com/id/1031858

Wireshark ATN-CPDLC/WCP/LLDP/TNEF/SCSI OSD Dissector Bugs Let Remote Users Deny Service - SecurityTracker

CVEs referencing this url
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1a3dd349233a4ee3e69295c8e79f9a216027037e

code.wireshark Code Review - wireshark.git/commit
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9952

9952 – Buildbot crash output: fuzz-2014-04-02-7762.pcap
https://security.gentoo.org/glsa/201510-03

Wireshark: Multiple vulnerabilities (GLSA 201510-03) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/72940

Wireshark ATN-CPDLC Dissector CVE-2015-2187 Denial of Service Vulnerability

Jump to

Vulnerability Details : CVE-2015-2187

Products affected by CVE-2015-2187

Exploit prediction scoring system (EPSS) score for CVE-2015-2187

CVSS scores for CVE-2015-2187

CWE ids for CVE-2015-2187

References for CVE-2015-2187