CVE-2015-8717 : The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in

The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published 2016-01-04 05:59:07

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-8717

Wireshark » Wireshark » Version: 1.12.0
cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.1
cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.2
cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.3
cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.4
cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.5
cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.6
cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.7
cpe:2.3:a:wireshark:wireshark:1.12.7:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 1.12.8
cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-8717

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-8717

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2015-8717

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-8717

http://www.wireshark.org/security/wnpa-sec-2015-36.html

Wireshark · wnpa-sec-2015-36 · SDP dissector crash
Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887

9887 – Capture causes crash with Telephony->Voip calls

CVEs referencing this url
https://security.gentoo.org/glsa/201604-05

Wireshark: Multiple vulnerabilities (GLSA 201604-05) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/79816

Wireshark Multiple Denial of Service Vulnerabilities

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Oracle Solaris Bulletin - January 2016

CVEs referencing this url
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2ddd92b6f8f587325b9e14598658626f3a007c5c

code.wireshark Code Review - wireshark.git/commit
http://www.securitytracker.com/id/1034551

Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service - SecurityTracker

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3505

Debian -- Security Information -- DSA-3505-1 wireshark

CVEs referencing this url
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2ddd92b6f8f587325b9e14598658626f3a007c5c

Jump to

Vulnerability Details : CVE-2015-8717

Products affected by CVE-2015-8717

Exploit prediction scoring system (EPSS) score for CVE-2015-8717

CVSS scores for CVE-2015-8717

CWE ids for CVE-2015-8717

References for CVE-2015-8717