CVE-2015-2191

Published: Mar 8, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.

Affected (22)

Products: Debian: Debian Linux · Mageia: Mageia · Wireshark: Wireshark · +1 more

Show all products

Debian: Debian Linux · Mageia: Mageia · Wireshark: Wireshark · Opensuse: Opensuse

1 product

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Mageia Mageia	Version 4.0

Configuration C

17 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.10.0
Wireshark Wireshark	Version 1.10.10
Wireshark Wireshark	Version 1.10.11
Wireshark Wireshark	Version 1.10.12
Wireshark Wireshark	Version 1.10.1
Wireshark Wireshark	Version 1.10.2
Wireshark Wireshark	Version 1.10.3
Wireshark Wireshark	Version 1.10.4
Wireshark Wireshark	Version 1.10.5
Wireshark Wireshark	Version 1.10.6
Wireshark Wireshark	Version 1.10.7
Wireshark Wireshark	Version 1.10.8
Wireshark Wireshark	Version 1.10.9
Wireshark Wireshark	Version 1.12.0
Wireshark Wireshark	Version 1.12.1
Wireshark Wireshark	Version 1.12.2
Wireshark Wireshark	Version 1.12.3

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Related CWEs

References (24)

http://advisories.mageia.org/MGASA-2015-0117.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1460.html

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3210

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:183

Source: cve@mitre.org

Broken Link

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/72941

Source: cve@mitre.org

http://www.securitytracker.com/id/1031858

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.wireshark.org/security/wnpa-sec-2015-10.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023

Source: cve@mitre.org

Issue Tracking

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=608cf324b3962877e9699f3e81e8f82ac9f1ea14

Source: cve@mitre.org

https://security.gentoo.org/glsa/201510-03

Source: cve@mitre.org

http://advisories.mageia.org/MGASA-2015-0117.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1460.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3210

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:183

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/72941

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031858

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.wireshark.org/security/wnpa-sec-2015-10.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=608cf324b3962877e9699f3e81e8f82ac9f1ea14

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201510-03

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.