CVE-2015-8723

MEDIUM

Description

The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

References

http://www.debian.org/security/2016/dsa-3505

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.securityfocus.com/bid/79382

http://www.securitytracker.com/id/1034551

http://www.wireshark.org/security/wnpa-sec-2015-42.html

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40b283181c63cb28bc6f58d80315eccca6650da0

https://security.gentoo.org/glsa/201604-05

Details

Source: MITRE

Published: 2016-01-04

Updated: 2016-12-07

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM