Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service
SecurityTracker Alert ID: 1034551|
SecurityTracker URL: http://securitytracker.com/id/1034551
CVE-2015-8711, CVE-2015-8712, CVE-2015-8713, CVE-2015-8714, CVE-2015-8715, CVE-2015-8716, CVE-2015-8717, CVE-2015-8718, CVE-2015-8719, CVE-2015-8720, CVE-2015-8721, CVE-2015-8722, CVE-2015-8723, CVE-2015-8724, CVE-2015-8725, CVE-2015-8726, CVE-2015-8727, CVE-2015-8728, CVE-2015-8729, CVE-2015-8730, CVE-2015-8731, CVE-2015-8732, CVE-2015-8733, CVE-2015-8734, CVE-2015-8735, CVE-2015-8736, CVE-2015-8737, CVE-2015-8738, CVE-2015-8739, CVE-2015-8740, CVE-2015-8741, CVE-2015-8742
(Links to External Site)
Updated: Jan 5 2016|
Original Entry Date: Dec 31 2015
Denial of service via network|
Fix Available: Yes Vendor Confirmed: Yes |
Version(s): 1.12.0 to 1.12.8, 2.0.0|
Multiple vulnerabilities were reported in Wireshark. A remote user can cause the target dissector to crash or enter an infinite loop.|
A remote user can send specially crafted data to cause the target dissector or parser to crash.
The MS-WSP dissector is affected [CVE-2015-8742]. Version 2.0.0 is affected.
The PPI dissector is affected [CVE-2015-8741]. Version 2.0.0 is affected.
The TDS dissector is affected [CVE-2015-8740]. Version 2.0.0 is affected.
The IPMI dissector is affected [CVE-2015-8739]. Version 2.0.0 is affected.
The S7COMM dissector is affected [CVE-2015-8738]. Version 2.0.0 is affected.
The MP2T file parser is affected [CVE-2015-8736, CVE-2015-8737]. Version 2.0.0 is affected.
The BT ATT dissector is affected [CVE-2015-8735]. Version 2.0.0 is affected.
The NWP dissector is affected [CVE-2015-8734]. Version 2.0.0 is affected.
The Sniffer file parser is affected [CVE-2015-8733].
The ZigBee ZCL dissector is affected [CVE-2015-8732].
The RSL dissector is affected [CVE-2015-8731].
The NBAP dissector is affected [CVE-2015-8730].
The Ascend file parser is affected [CVE-2015-8729].
The ANSI A & GSM A dissectors are affected [CVE-2015-8728].
The RSVP dissector is affected [CVE-2015-8727].
The VeriWave file parser is affected [CVE-2015-8726].
The DIAMETER dissector is affected [CVE-2015-8725].
The 802.11 decryption is affected [CVE-2015-8723, CVE-2015-8724].
The SCTP dissector is affected [CVE-2015-8722].
The Zlib decompression is affected [CVE-2015-8721].
The BER dissector is affected [CVE-2015-8720].
The DNS dissector is affected [CVE-2015-8719]. Versions 1.12.x are affected.
The NLM dissector is affected [CVE-2015-8718].
The SDP dissector is affected [CVE-2015-8717]. Versions 1.12.x are affected.
The T.38 dissector is affected [CVE-2015-8716]. Versions 1.12.x are affected.
The DCOM dissector is affected [CVE-2015-8714]. Versions 1.12.x are affected.
The UMTS FP dissector is affected [CVE-2015-8712, CVE-2015-8713]. Versions 1.12.x are affected.
The NBAP dissector is affected [CVE-2015-8711].
A remote user can send specially crafted data to cause the target AllJoyn dissector to enter an infinite loop [CVE-2015-8715]. Versions 1.12.x are affected.
Karol Roslaniec, Boaz Brickner, and Mateusz Jurczyk reported some of these vulnerabilities.
A remote user can cause the target dissector or parser to crash or enter an infinite loop.|
The vendor has issued a fix (1.12.9, 2.0.1).|
The vendor's advisories are available at:
Vendor URL: www.wireshark.org/security/wnpa-sec-2015-31.html (Links to External Site)
|Underlying OS: Linux (Any), UNIX (Any), Windows (Any)|
Source Message Contents
[Original Message Not Available for Viewing]
Go to the Top of This SecurityTracker Archive Page