CVE-2015-6242Improper Input Validation in Wireshark

CWE-20Improper Input Validation7 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 31.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WiresharkOracle Solaris
Timeline
PublishedAug 24
Latest updateMay 17

Description

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

Debianwireshark/wireshark< 1.12.7+g7fc8978-1+3
NVDwireshark/wireshark7 versions+6
NVDoracle/solaris11.3

🔴Vulnerability Details

3
GHSA
GHSA-cxr5-cqh9-cwrf: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block2022-05-17
OSV
CVE-2015-6242: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block2015-08-24
CVEList
CVE-2015-6242: The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block2015-08-24

📋Vendor Advisories

2
Red Hat
wireshark: memory manager crash (wnpa-sec-2015-22)2015-08-11
Debian
CVE-2015-6242: wireshark - The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in ...2015

💬Community

1
Bugzilla
CVE-2015-6242 wireshark: memory manager crash (wnpa-sec-2015-22)2015-08-13
CVE-2015-6242 — Improper Input Validation in Wireshark | cvebase