CVE-2015-8723

Published Jan 4, 2016

Last updated a year ago

CVSS medium 5.5

Overview

Description: The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29AC5E99-9C21-4C2E-AE68-A4B887318577"
          },
          {
            "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B90C8934-01D8-4027-8A38-0B3230CC5077"
          },
          {
            "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49C89A62-69E2-40C5-9C75-FA6601A935A2"
          },
          {
            "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1946DDC9-E49F-4601-8448-E73B0480C880"
          },
          {
            "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2F85560-F43E-46C5-9CD1-1A1D66E21580"
          },
          {
            "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2518D86A-623D-431E-9574-32B677D5FB94"
          },
          {
            "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEA2B085-01D2-4707-A9F7-6545E4D6D99A"
          },
          {
            "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE4BBF1A-4303-456C-AD19-F5BCF6FDD76B"
          },
          {
            "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD3D5FFB-1A09-4A06-8E83-DF72E39E1891"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References