CVE-2015-0564 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131 — Incorrect Calculation of Buffer Size8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 29.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Linux Opensuse +2 more

Timeline

PublishedJan 10

Latest updateMay 13

Description

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶Debianwireshark/wireshark< 1.12.1+g01b65bf-3+3

▶NVDwireshark/wireshark15 versions+14

▶NVDoracle/linux7

▶NVDoracle/solaris11.2

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-wmjp-f22x-624h: Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils↗2022-05-13

▶

CVEList

CVE-2015-0564: Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils↗2015-01-10

▶

OSV

CVE-2015-0564: Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils↗2015-01-10

▶

📋Vendor Advisories

Red Hat

wireshark: TLS/SSL decryption crash (wnpa-sec-2015-05)↗2015-01-07

▶

Debian

CVE-2015-0564: wireshark - Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ss...↗2015

▶

💬Community

Bugzilla

CVE-2015-0564 wireshark: TLS/SSL decryption crash (wnpa-sec-2015-05) [fedora-all]↗2015-01-08

▶

Bugzilla

CVE-2015-0564 wireshark: TLS/SSL decryption crash (wnpa-sec-2015-05)↗2015-01-08

▶