Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-8723 — Improper Input Validation in Wireshark

CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow CWE-122 — Heap-based Buffer Overflow7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

1.3%

top 20.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJan 4

Latest updateMay 17

Description

The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 2.0.1+g59ea380-1 (bookworm)

▶Debianwireshark/wireshark< 2.0.1+g59ea380-1+3

▶NVDwireshark/wireshark9 versions+8

🔴Vulnerability Details

GHSA

GHSA-h986-rmmv-vv7r: The AirPDcapPacketProcess function in epan/crypt/airpdcap↗2022-05-17

▶

OSV

CVE-2015-8723: The AirPDcapPacketProcess function in epan/crypt/airpdcap↗2016-01-04

▶

💥Exploits & PoCs

Exploit-DB

Wireshark - AirPDcapPacketProcess Stack Buffer Overflow↗2015-12-16

▶

📋Vendor Advisories

Red Hat

wireshark: 802.11 decryption crash (wnpa-sec-2015-42)↗2015-12-29

▶

Debian

CVE-2015-8723: wireshark - The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissec...↗2015

▶

💬Community

Bugzilla

CVE-2015-8723 CVE-2015-8724 wireshark: 802.11 decryption crash (wnpa-sec-2015-42)↗2016-01-06

▶