CVE-2015-4651Wireshark vulnerability

CWE-3998 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 31.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WiresharkDebian LinuxOracle Solaris
Timeline
PublishedJul 22
Latest updateMay 17

Description

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

Debianwireshark/wireshark< 1.12.6+gee1fce6-1+3
NVDwireshark/wireshark6 versions+5
NVDoracle/solaris11.3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-wmj6-6646-26fx: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp2022-05-17
OSV
CVE-2015-4651: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp2015-07-22
CVEList
CVE-2015-4651: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp2015-07-22

📋Vendor Advisories

2
Red Hat
wireshark: WCCP dissector crash (wnpa-sec-2015-19)2015-06-17
Debian
CVE-2015-4651: wireshark - The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c...2015

💬Community

2
Bugzilla
CVE-2015-4651 wireshark: WCCP dissector crash (wnpa-sec-2015-19)2015-06-22
Bugzilla
CVE-2014-4651 JClouds: predictable tmp file creation in ScriptBuilder Statements2014-06-24
CVE-2015-4651 — Wireshark vulnerability | cvebase