CVE-2015-3810Infinite Loop in Wireshark

Severity
7.8HIGHNVD
EPSS
0.5%
top 33.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 26
Latest updateMay 17

Description

epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

debiandebian/wireshark< wireshark 1.12.5+g5819e5b-1 (bookworm)
Debianwireshark/wireshark< 1.12.5+g5819e5b-1+3
NVDwireshark/wireshark5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-6xc2-5j24-689q: epan/dissectors/packet-websocket2022-05-17
OSV
CVE-2015-3810: epan/dissectors/packet-websocket2015-05-26

📋Vendor Advisories

2
Red Hat
wireshark: WebSocket DoS (wnpa-sec-2015-13)2015-05-12
Debian
CVE-2015-3810: wireshark - epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12....2015

💬Community

1
Bugzilla
CVE-2015-3810 wireshark: WebSocket DoS (wnpa-sec-2015-13)2015-05-18