CVE-2015-6248
published 2015-08-24CVE-2015-6248: The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data…
medium4.3CVSS 3.1
AVNACMAuNCNINAP
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wireshark | < wireshark 1.12.7+g7fc8978-1 (bookworm) | wireshark 1.12.7+g7fc8978-1 (bookworm) |
| oracle | linux | — | — |
| oracle | solaris | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | — | — |
| wireshark | wireshark | >= 0 < 1.12.7+g7fc8978-1 | 1.12.7+g7fc8978-1 |
| wireshark | wireshark | >= 0 < 1.12.7+g7fc8978-1 | 1.12.7+g7fc8978-1 |
| wireshark | wireshark | >= 0 < 1.12.7+g7fc8978-1 | 1.12.7+g7fc8978-1 |
| wireshark | wireshark | >= 0 < 1.12.7+g7fc8978-1 | 1.12.7+g7fc8978-1 |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM