CVE-2015-8732
Published 2016-01-04
CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9…
Priority P427 · medium · 5.5 · CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 4.79% (90.8th percentile)
The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wireshark | < wireshark 2.0.1+g59ea380-1 (bookworm) | wireshark 2.0.1+g59ea380-1 (bookworm) |
| wireshark | wireshark | — | — |
| wireshark | wireshark | >= 0 < 2.0.1+g59ea380-1 | 2.0.1+g59ea380-1 |
CVSS provenance
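| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |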
GHSA
ghsa_unreviewed·2022-05-17
CVE-2015-8732 [MEDIUM] CWE-20 GHSA-mrgx-cr9j-6gwv: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general
OSV
osv·2016-01-04·CVSS 5.5
CVE-2015-8732 [MEDIUM] CVE-2015-8732: The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general
Red Hat
wireshark: ZigBee ZCL dissector crash (wnpa-sec-2015-50)
vendor_redhat·2015-12-29·CVSS 5.5
CVE-2015-8732 [MEDIUM] CWE-125 wireshark: ZigBee ZCL dissector crash (wnpa-sec-2015-50)
Package: wireshark (Red Hat Enterprise Linux 5) - Will not fix
Package: wireshark (Red Hat Enterprise Linux 6) - Will not fix
Package: wireshark (Red Hat Enterprise Linux 7) - Will not fix
Debian
vendor_debian·2015·CVSS 5.5
CVE-2015-8732 [MEDIUM] CVE-2015-8732: wireshark - The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee...
Scope: local
bookworm: resolved (fixed in 2.0.1+g59ea380-1)
bullseye: resolved (fixed in 2.0.1+g59ea380-1)
forky: resolved (fixed in 2.0.1+g59ea380-1)
sid: resolved (fixed in 2.0.1+g59ea380-1)
trixie: resolved (fixed in 2.0.1+g59ea380-1)
No detection rules found.
arXiv
Mission Aware Cyber-physical Security
arxiv_fulltext·2025-10-23
Georgios Bakirtzis [1], Bryan Carter [2], Cody H. Fleming [3], Carl R. Elks [4]
[1] LTCI, Télécom Paris, Institut Polytechnique de Paris
[2] University of Virginia
[3] Iowa State University
[4] Virginia Commonwealth University
Cody Fleming PhD, Iowa State University, Ames, Iowa, 50011, USA
## Abstract
Perimeter cybersecurity, while essential, has proven insufficient against sophisticated, coordinated, and cyber-physical attacks. In contrast, mission-centric cybersecurity emphasizes finding evidence of attack impact on mission success, allowing for targeted resource allocation to mitigate vulnerabilities and protect critical assets. Mission Aware is a systems-theoretic cybersecurity analysis that identifies components which, if compromised,
arXiv
Data Driven Vulnerability Exploration for Design Phase System Analysis
arxiv_fulltext·2019-09-06
Georgios Bakirtzis, Brandon J. Simon, Aidan G. Collins, Cody H. Fleming, and Carl R. Elks
G. Bakirtzis and C.H. Fleming are with the University of Virginia, Charlottesville, VA USA.
E-mail: {bakirtzis,fleming}@virginia.edu
B.J. Simon, A.G. Collins, and C.R. Elks are with Virginia Commonwealth University, Richmond, VA USA.
E-mail: {simonbj,collinsag,crelks}@vcu.edu
## Abstract
Applying security as a lifecycle practice is becoming increasingly important
to combat targeted attacks in safety-critical systems.
Among others there are two significant challenges in this area:
(1) the need for models that can characterize a realistic system
in the absence of an implementation and
(2) an automated way to associate attack vect
arXiv
A Model-Based Approach to Security Analysis for Cyber-Physical Systems
arxiv_fulltext·2018-06-10
## Abstract
Evaluating the security of cyber-physical systems throughout their life cycle is necessary to assure that they can be deployed and operated in safety-critical applications, such as infrastructure, military, and transportation. Most safety and security decisions that can have major effects on mitigation strategy options after deployment are made early in the system's life cycle. To allow for a vulnerability analysis before deployment, a sufficient well-formed model has to be constructed. To construct such a model we produce a taxonomy of attributes; that is, a generalized schema for system attributes. This schema captures the necessary specificity that characterizes a possible real system and can also map to the attack vector space associated with the model's attributes. In thi
Bugzilla
CVE-2015-8732 wireshark: ZigBee ZCL dissector crash (wnpa-sec-2015-50)
bugzilla·2016-01-06·CVSS 5.5
CVE-2015-8732 [MEDIUM] CVE-2015-8732 wireshark: ZigBee ZCL dissector crash (wnpa-sec-2015-50)
It was reported that Wireshark's ZigBee ZCL dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
This flaw is fixed in the following Wireshark versions: 2.0.1, 1.12.9.
Upstream bug(s):
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830
External References:
https://www.wireshark.org/security/wnpa-sec-2015-50
Discussion:
Created wireshark tracking bugs for this issue:
Affects: fedora-all [bug 1296097]
http://www.debian.org/security/2016/dsa-3505
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.securityfocus.com/bid/79382
http://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-50.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9352616ec9742f2ed3d2802d0c8c100d51ca410b
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=eb0c034f6e4cdbf5ae36dd9ba8e2743630b7bd38
https://security.gentoo.org/glsa/201604-05
Published: 2016-01-04