CVE-2015-0561

Published: Jan 10, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.

Affected (18)

Products: Wireshark: Wireshark · Opensuse: Opensuse · Oracle: Solaris

1 product

1 product

1 product

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.10.0
Wireshark Wireshark	Version 1.10.10
Wireshark Wireshark	Version 1.10.11
Wireshark Wireshark	Version 1.10.1
Wireshark Wireshark	Version 1.10.2
Wireshark Wireshark	Version 1.10.3
Wireshark Wireshark	Version 1.10.4
Wireshark Wireshark	Version 1.10.5
Wireshark Wireshark	Version 1.10.6
Wireshark Wireshark	Version 1.10.7
Wireshark Wireshark	Version 1.10.8
Wireshark Wireshark	Version 1.10.9
Wireshark Wireshark	Version 1.12.0
Wireshark Wireshark	Version 1.12.1
Wireshark Wireshark	Version 1.12.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/62612

Source: cve@mitre.org

Broken Link

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: cve@mitre.org

Third Party Advisory

http://www.wireshark.org/security/wnpa-sec-2015-02.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10773

Source: cve@mitre.org

Issue Tracking

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=8e96830156bea314207b97315ccebd605317f142

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/62612

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.wireshark.org/security/wnpa-sec-2015-02.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10773

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=8e96830156bea314207b97315ccebd605317f142

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.