CVE-2015-8736

EPSS 0.69%
Published 04.01.2016 05:59:26
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.69%	0.707

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1034551

https://security.gentoo.org/glsa/201604-05

http://www.securityfocus.com/bid/79382

http://www.wireshark.org/security/wnpa-sec-2015-54.html

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11820

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=baa3eab78b422616a92ee38551c1b1510dca4ccb

https://nvd.nist.gov/vuln/detail/CVE-2015-8736

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8736

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8736

EUVD