CVE-2015-8711

EPSS 0.09%
Published 04.01.2016 05:59:01
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.

Affected products Warnungen 0 Metrics 3 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version1.12.0

Wireshark ≫ Wireshark Version1.12.1

Wireshark ≫ Wireshark Version1.12.2

Wireshark ≫ Wireshark Version1.12.3

Wireshark ≫ Wireshark Version1.12.4

Wireshark ≫ Wireshark Version1.12.5

Wireshark ≫ Wireshark Version1.12.6

Wireshark ≫ Wireshark Version1.12.7

Wireshark ≫ Wireshark Version1.12.8

Wireshark ≫ Wireshark Version2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.26

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.debian.org/security/2016/dsa-3505

http://www.securityfocus.com/bid/79814

http://www.securitytracker.com/id/1034551

http://www.wireshark.org/security/wnpa-sec-2015-31.html

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=23379ae3624df82c170f48e5bb3250a97ec61c13

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5b4ada17723ed8af7e85cb48d537437ed614e417

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5bf565690ad9f0771196d8fa237aa37fae3bb7cc

https://security.gentoo.org/glsa/201604-05

https://nvd.nist.gov/vuln/detail/CVE-2015-8711

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8711

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8711

EUVD