Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-8725Improper Input Validation in Wireshark

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.7%
top 27.13%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WiresharkDebian Wireshark
Timeline
PublishedJan 4
Latest updateMay 17

Description

The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/wireshark< wireshark 2.0.1+g59ea380-1 (bookworm)
Debianwireshark/wireshark< 2.0.1+g59ea380-1+3
NVDwireshark/wireshark10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-5h6q-vfmh-g5jp: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter2022-05-17
OSV
CVE-2015-8725: The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter2016-01-04

💥Exploits & PoCs

1
Exploit-DB
Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Buffer Overflow2015-12-16

📋Vendor Advisories

2
Red Hat
wireshark: DIAMETER dissector crash (wnpa-sec-2015-43)2015-12-29
Debian
CVE-2015-8725: wireshark - The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-...2015

💬Community

1
Bugzilla
CVE-2015-8725 wireshark: DIAMETER dissector crash (wnpa-sec-2015-43)2016-01-06