Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-8733

Date: January 3, 2016

The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.

Language: C

Severity Score

Related Resources (13)

http://www.securitytracker.com/id/1034551
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=53a3e53fce30523d11ab3df319fba7b75d63076f
http://www.debian.org/security/2016/dsa-3505
http://www.securityfocus.com/bid/79814
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827
https://security.gentoo.org/glsa/201604-05
https://nvd.nist.gov/vuln/detail/CVE-2015-8733
https://access.redhat.com/security/cve/CVE-2015-8733
https://security-tracker.debian.org/tracker/CVE-2015-8733
https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8733
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.wireshark.org/security/wnpa-sec-2015-51.html
https://www.mend.io/vulnerability-database/CVE-2015-8733

Severity Score

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us