#VU40557 Input validation error in Wireshark - CVE-2015-8739

Cybersecurity Help s.r.o.

Published: 2016-01-04 | Updated: 2020-08-09

Vulnerability identifier: #VU40557

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2015-8739

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Wireshark
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Wireshark.org

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Wireshark: 2.0.0

External links
https://www.securityfocus.com/bid/79382
https://www.securitytracker.com/id/1034551
https://www.wireshark.org/security/wnpa-sec-2015-57.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11831
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=96bf82ced0b58c7a4c2a6c300efeebe4f05c0ff4
https://security.gentoo.org/glsa/201604-05

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Wireshark