CVE-2015-3812 — Missing Release of Memory after Effective Lifetime in Wireshark

CWE-399 CWE-401 — Missing Release of Memory after Effective Lifetime7 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.6%

top 30.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Oracle Linux Oracle Solaris

Timeline

PublishedMay 26

Latest updateMay 13

Description

Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages4 packages

▶Debianwireshark/wireshark< 1.12.5+g5819e5b-1+3

▶NVDwireshark/wireshark19 versions+18

▶NVDoracle/linux7

▶NVDoracle/solaris11.2

Patches

Patch: bugs.wireshark.org ↗Patch: bugs.wireshark.org ↗

🔴Vulnerability Details

GHSA

GHSA-g66v-ghww-g5gw: Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11↗2022-05-13

▶

OSV

CVE-2015-3812: Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11↗2015-05-26

▶

CVEList

CVE-2015-3812: Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11↗2015-05-26

▶

📋Vendor Advisories

Red Hat

wireshark: X11 memory leak (wnpa-sec-2015-15)↗2015-05-12

▶

Debian

CVE-2015-3812: wireshark - Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packe...↗2015

▶

💬Community

Bugzilla

CVE-2015-3812 wireshark: X11 memory leak (wnpa-sec-2015-15)↗2015-05-18

▶