Vulnerability Details : CVE-2015-6243
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2015-6243
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6243
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 62 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6243
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2015-6243
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6243
-
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11381
11381 – Buildbot crash output: fuzz-2015-07-20-28469.pcapIssue Tracking
-
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Oracle Solaris Third Party Bulletin - October 2015Third Party Advisory
-
http://www.securityfocus.com/bid/76384
Wireshark 'epan/packet.c' Remote Denial of Service Vulnerability
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html
[SECURITY] Fedora 23 Update: wireshark-1.12.7-2.fc23
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html
[SECURITY] Fedora 22 Update: wireshark-1.12.7-2.fc22
-
http://www.debian.org/security/2015/dsa-3367
Debian -- Security Information -- DSA-3367-1 wireshark
-
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eb1ccbdccde89701f255f921d88992878057477d
code.wireshark Code Review - wireshark.git/commit
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html
openSUSE-SU-2015:1836-1: moderate: Security update for wireshark
-
http://www.wireshark.org/security/wnpa-sec-2015-23.html
Wireshark · wnpa-sec-2015-23 · Dissector table crashVendor Advisory
-
http://www.securitytracker.com/id/1033272
Wireshark Dissector Bugs Lets Remote Users Cause the Target Service to Crash - SecurityTracker
Jump to