CVE-2015-8711

EPSS 0.09%
Veröffentlicht 04.01.2016 05:59:01
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version1.12.0

Wireshark ≫ Wireshark Version1.12.1

Wireshark ≫ Wireshark Version1.12.2

Wireshark ≫ Wireshark Version1.12.3

Wireshark ≫ Wireshark Version1.12.4

Wireshark ≫ Wireshark Version1.12.5

Wireshark ≫ Wireshark Version1.12.6

Wireshark ≫ Wireshark Version1.12.7

Wireshark ≫ Wireshark Version1.12.8

Wireshark ≫ Wireshark Version2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.26

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.debian.org/security/2016/dsa-3505

http://www.securityfocus.com/bid/79814

http://www.securitytracker.com/id/1034551

http://www.wireshark.org/security/wnpa-sec-2015-31.html

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=23379ae3624df82c170f48e5bb3250a97ec61c13

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5b4ada17723ed8af7e85cb48d537437ed614e417

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5bf565690ad9f0771196d8fa237aa37fae3bb7cc

https://security.gentoo.org/glsa/201604-05

https://nvd.nist.gov/vuln/detail/CVE-2015-8711

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8711

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8711

EUVD