CVE-2015-2189Off-by-one Error in Wireshark

CWE-189CWE-193Off-by-one Error8 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 38.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
WiresharkDebian LinuxMageia+3 more
Timeline
PublishedMar 8
Latest updateMay 13

Description

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

Debianwireshark/wireshark< 1.12.1+g01b65bf-4+3
NVDwireshark/wireshark17 versions+16
NVDmageia/mageia4.0
NVDoracle/solaris11.2

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

3
GHSA
GHSA-2g8p-8mm7-ff75: Off-by-one error in the pcapng_read function in wiretap/pcapng2022-05-13
OSV
CVE-2015-2189: Off-by-one error in the pcapng_read function in wiretap/pcapng2015-03-08
CVEList
CVE-2015-2189: Off-by-one error in the pcapng_read function in wiretap/pcapng2015-03-08

📋Vendor Advisories

2
Red Hat
wireshark: The pcapng file parser could crash (wnpa-sec-2015-08)2015-03-04
Debian
CVE-2015-2189: wireshark - Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng f...2015

💬Community

2
Bugzilla
CVE-2015-2189 wireshark: The pcapng file parser could crash (wnpa-sec-2015-08)2015-03-05
Bugzilla
CVE-2015-2192 CVE-2015-2191 CVE-2015-2190 CVE-2015-2188 CVE-2015-2189 CVE-2015-2187 wireshark: various flaws [fedora-all]2015-03-05
CVE-2015-2189 — Off-by-one Error in Wireshark | cvebase