Multiple vulnerabilities in Wireshark
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2015-8742 CVE-2015-8741 CVE-2015-8740 CVE-2015-8738 CVE-2015-8739 CVE-2015-8737 CVE-2015-8736 CVE-2015-8735 CVE-2015-8734 |
| CWE-ID | CWE-20 CWE-121 CWE-369 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. |
| Vulnerable software Subscribe |
Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Wireshark.org |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU40553
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8742
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 2.0.0
CPE2.3 External linkshttp://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-60.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11931
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d48b0eff28c995947ac3f8d842ddd9b50dd5798d
http://security.gentoo.org/glsa/201604-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU40554
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8741
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 2.0.0
CPE2.3 External linkshttp://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-59.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11876
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2290eba5cb25f927f9142680193ac1158d35506e
http://security.gentoo.org/glsa/201604-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU40555
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8740
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector when processing a crafted packet. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 2.0.0
CPE2.3 External linkshttp://www.securityfocus.com/bid/79382
http://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-58.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11846
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e78093f69f1e95df919bbe644baa06c7e4e720c0
http://security.gentoo.org/glsa/201604-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Division by zero
EUVDB-ID: #VU40556
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8738
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to divide-by-zero error within The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 2.0.0
CPE2.3 External linkshttp://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-56.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11823
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=858c3f0079f987833fb22eba2c361d1a88ba4103
http://security.gentoo.org/glsa/201604-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU40557
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-8739
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 2.0.0
CPE2.3 External linkshttp://www.securityfocus.com/bid/79382
http://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-57.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11831
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=96bf82ced0b58c7a4c2a6c300efeebe4f05c0ff4
http://security.gentoo.org/glsa/201604-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Division by zero
EUVDB-ID: #VU40558
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8737
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to divide-by-zero error within The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted file.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 2.0.0
CPE2.3 External linkshttp://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-55.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11821
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e3fc691368af60bbbaec9e038ee6a6d3b7707955
http://security.gentoo.org/glsa/201604-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Stack-based buffer overflow
EUVDB-ID: #VU40559
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-8736
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser when processing a crafted file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 2.0.0
CPE2.3 External linkshttp://www.securityfocus.com/bid/79382
http://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-54.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11820
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=baa3eab78b422616a92ee38551c1b1510dca4ccb
http://security.gentoo.org/glsa/201604-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Input validation error
EUVDB-ID: #VU40560
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-8735
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 2.0.0
CPE2.3 External linkshttp://www.securityfocus.com/bid/79382
http://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-53.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11817
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=83bad0215dae54e77d34f8b187900125f672366e
http://security.gentoo.org/glsa/201604-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Input validation error
EUVDB-ID: #VU40561
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-8734
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 2.0.0
CPE2.3 External linkshttp://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-52.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11726
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9b2c889abe0219fc162659e106c5b95deb6268f3
http://security.gentoo.org/glsa/201604-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
