CVE-2015-6245Improper Input Validation in Wireshark

CWE-20Improper Input ValidationCWE-835Infinite Loop7 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 40.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WiresharkOracle LinuxOracle Solaris
Timeline
PublishedAug 24
Latest updateMay 13

Description

epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

Debianwireshark/wireshark< 1.12.7+g7fc8978-1+3
NVDwireshark/wireshark7 versions+6
NVDoracle/solaris11.3

🔴Vulnerability Details

3
GHSA
GHSA-jrcq-8mhg-jrj4: epan/dissectors/packet-gsm_rlcmac2022-05-13
CVEList
CVE-2015-6245: epan/dissectors/packet-gsm_rlcmac2015-08-24
OSV
CVE-2015-6245: epan/dissectors/packet-gsm_rlcmac2015-08-24

📋Vendor Advisories

2
Red Hat
wireshark: GSM RLC/MAC dissector infinite loop (wnpa-sec-2015-25)2015-08-11
Debian
CVE-2015-6245: wireshark - epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1....2015

💬Community

1
Bugzilla
CVE-2015-6245 wireshark: GSM RLC/MAC dissector infinite loop (wnpa-sec-2015-25)2015-08-13
CVE-2015-6245 — Improper Input Validation in Wireshark | cvebase