Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-8728Improper Input Validation in Wireshark

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
1.0%
top 22.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WiresharkDebian Wireshark
Timeline
PublishedJan 4
Latest updateMay 17

Description

The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/wireshark< wireshark 2.0.1+g59ea380-1 (bookworm)
Debianwireshark/wireshark< 2.0.1+g59ea380-1+3
NVDwireshark/wireshark10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-9vmv-xmqg-mj5h: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a2022-05-17
OSV
CVE-2015-8728: The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a2016-01-04

💥Exploits & PoCs

1
Exploit-DB
Wireshark - my_dgt_tbcd_unpack Static Buffer Overflow2015-12-16

📋Vendor Advisories

2
Red Hat
wireshark: ANSI A & GSM A dissector crashes (wnpa-sec-2015-46)2015-12-29
Debian
CVE-2015-8728: wireshark - The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A ...2015

💬Community

1
Bugzilla
CVE-2015-8728 wireshark: ANSI A & GSM A dissector crashes (wnpa-sec-2015-46)2016-01-06