CVE-2015-2188Out-of-bounds Read in Wireshark

CWE-19CWE-125Out-of-bounds ReadCWE-665Improper Initialization11 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 43.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
WiresharkDebian LinuxMageia+3 more
Timeline
PublishedMar 8
Latest updateMay 13

Description

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

Debianwireshark/wireshark< 1.12.1+g01b65bf-4+3
NVDwireshark/wireshark17 versions+16
NVDmageia/mageia4.0
NVDoracle/solaris11.2

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

3
GHSA
GHSA-m5wv-rfcq-fg25: epan/dissectors/packet-wcp2022-05-13
OSV
CVE-2015-2188: epan/dissectors/packet-wcp2015-03-08
CVEList
CVE-2015-2188: epan/dissectors/packet-wcp2015-03-08

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'iowarrior' Driver Crash (PoC)2016-03-14

📋Vendor Advisories

3
Red Hat
wireshark: WCP dissector crash (wnpa-sec-2015-14)2015-05-12
Red Hat
wireshark: The WCP dissector could crash while decompressing data (wnpa-sec-2015-07)2015-03-04
Debian
CVE-2015-2188: wireshark - epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.1...2015

💬Community

2
Bugzilla
CVE-2015-2188 wireshark: The WCP dissector could crash while decompressing data (wnpa-sec-2015-07)2015-03-05
Bugzilla
CVE-2015-2192 CVE-2015-2191 CVE-2015-2190 CVE-2015-2188 CVE-2015-2189 CVE-2015-2187 wireshark: various flaws [fedora-all]2015-03-05
CVE-2015-2188 — Out-of-bounds Read in Wireshark | cvebase