#VU40560 Input validation error in Wireshark - CVE-2015-8735

Cybersecurity Help s.r.o.

Published: 2016-01-04 | Updated: 2020-08-09

Vulnerability identifier: #VU40560

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2015-8735

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Wireshark
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Wireshark.org

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Wireshark: 2.0.0

External links
https://www.securityfocus.com/bid/79382
https://www.securitytracker.com/id/1034551
https://www.wireshark.org/security/wnpa-sec-2015-53.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11817
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=83bad0215dae54e77d34f8b187900125f672366e
https://security.gentoo.org/glsa/201604-05

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Wireshark