CVE-2015-2190 : epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.

Published 2015-03-08 02:59:05

Updated 2018-10-30 16:27:36

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-2190

Oracle » Solaris » Version: 11.2
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.0
cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.1
cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.2
cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.3
cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-2190

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 41 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-2190

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2015-2190

CWE-19

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2190

http://www.wireshark.org/security/wnpa-sec-2015-09.html

Wireshark · wnpa-sec-2015-09 · LLDP dissector crash
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Oracle Solaris Third Party Bulletin - April 2015
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html

openSUSE-SU-2015:0489-1: moderate: Security update for wireshark
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/72938

Wireshark LLDP Dissector CVE-2015-2190 Denial of Service Vulnerability
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d1865e000ebedf49fc0d9f221a11d6af74360837

code.wireshark Code Review - wireshark.git/commit
Patch;Vendor Advisory
http://www.securitytracker.com/id/1031858

Wireshark ATN-CPDLC/WCP/LLDP/TNEF/SCSI OSD Dissector Bugs Let Remote Users Deny Service - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://security.gentoo.org/glsa/201510-03

Wireshark: Multiple vulnerabilities (GLSA 201510-03) — Gentoo security

CVEs referencing this url
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10983

10983 – Buildbot crash output: fuzz-2015-02-20-11117.pcap
Issue Tracking

Jump to

Vulnerability Details : CVE-2015-2190

Products affected by CVE-2015-2190

Exploit prediction scoring system (EPSS) score for CVE-2015-2190

CVSS scores for CVE-2015-2190

CWE ids for CVE-2015-2190

References for CVE-2015-2190