Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-8723

Date: January 3, 2016

The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

Language: C

Severity Score

Related Resources (13)

http://www.securitytracker.com/id/1034551
http://www.securityfocus.com/bid/79382
http://www.debian.org/security/2016/dsa-3505
http://www.wireshark.org/security/wnpa-sec-2015-42.html
https://nvd.nist.gov/vuln/detail/CVE-2015-8723
https://security.gentoo.org/glsa/201604-05
https://access.redhat.com/security/cve/CVE-2015-8723
https://security-tracker.debian.org/tracker/CVE-2015-8723
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790
https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8723
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=40b283181c63cb28bc6f58d80315eccca6650da0
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://www.mend.io/vulnerability-database/CVE-2015-8723

Severity Score

Weakness Type (CWE)

Buffer Errors

CWE-119

Input Validation

CWE-20

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us