CVE-2015-2187

EPSS 0.25%
Veröffentlicht 08.03.2015 02:59:01
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Wireshark ≫ Wireshark Version1.12.0

Wireshark ≫ Wireshark Version1.12.1

Wireshark ≫ Wireshark Version1.12.2

Wireshark ≫ Wireshark Version1.12.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.455

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html

http://www.securityfocus.com/bid/72940

http://www.securitytracker.com/id/1031858

http://www.wireshark.org/security/wnpa-sec-2015-06.html

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9952

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1a3dd349233a4ee3e69295c8e79f9a216027037e

https://security.gentoo.org/glsa/201510-03

https://nvd.nist.gov/vuln/detail/CVE-2015-2187

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-2187

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-2187

EUVD