CVE-2015-3809 — Infinite Loop in Wireshark

CWE-189 CWE-835 — Infinite Loop6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 32.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedMay 26

Latest updateMay 17

Description

The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.12.5+g5819e5b-1 (bookworm)

▶Debianwireshark/wireshark< 1.12.5+g5819e5b-1+3

▶NVDwireshark/wireshark5 versions+4

🔴Vulnerability Details

GHSA

GHSA-cw7p-98g4-9g94: The dissect_lbmr_pser function in epan/dissectors/packet-lbmr↗2022-05-17

▶

OSV

CVE-2015-3809: The dissect_lbmr_pser function in epan/dissectors/packet-lbmr↗2015-05-26

▶

📋Vendor Advisories

Red Hat

wireshark: LBMR infinite loop (wnpa-sec-2015-12)↗2015-05-12

▶

Debian

CVE-2015-3809: wireshark - The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR diss...↗2015

▶

💬Community

Bugzilla

CVE-2015-3808 CVE-2015-3809 wireshark: LBMR infinite loop (wnpa-sec-2015-12)↗2015-05-18

▶