CVE-2015-0560

Severity

50%

Complexity

99%

Confidentiality

48%

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 10 years ago

2015-01-10 02:59:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Wireshark 1.10.0

1.10.0

Wireshark Wireshark 1.10.1

1.10.1

Wireshark Wireshark 1.10.2

1.10.2

Wireshark 1.10.3

1.10.3

Wireshark 1.10.4

1.10.4

Wireshark 1.10.5

1.10.5

Wireshark 1.10.6

1.10.6

Wireshark 1.10.7

1.10.7

Wireshark 1.10.8

1.10.8

Wireshark 1.10.9

1.10.9

Wireshark 1.10.10

1.10.10

Wireshark Wireshark 1.10.11

1.10.11

Wireshark 1.12.0

1.12.0

Wireshark 1.12.1

1.12.1

Wireshark Wireshark 1.12.2

1.12.2

OpenSUSE 13.1

13.1

OpenSUSE 13.2

13.2

References

openSUSE-SU-2015:0113

62612

http://www.wireshark.org/security/wnpa-sec-2015-01.html

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10806

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a442a1c0e815fd61416cf408bd74d85a042ccc6a

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.