CVE-2015-3182

Published: Jan 4, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Affected (3)

Products: Wireshark: Wireshark

Wireshark

1 product

Wireshark

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.10.12
Wireshark Wireshark	Version 1.10.13
Wireshark Wireshark	Version 1.10.14

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/74586

Source: secalert@redhat.com

http://www.securitytracker.com/id/1032279

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1219409

Source: secalert@redhat.com

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=373deb5f4182a5c4ab8c8418a7bbaa5d6e72bb05

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201510-03

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html