CVE-2015-7830

Published: Nov 15, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying.

Affected (9)

Products: Oracle: Solaris · Wireshark: Wireshark

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.12.0
Wireshark Wireshark	Version 1.12.1
Wireshark Wireshark	Version 1.12.2
Wireshark Wireshark	Version 1.12.3
Wireshark Wireshark	Version 1.12.4
Wireshark Wireshark	Version 1.12.5
Wireshark Wireshark	Version 1.12.6
Wireshark Wireshark	Version 1.12.7

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (20)

http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3505

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/77101

Source: cve@mitre.org

http://www.securityfocus.com/bid/78723

Source: cve@mitre.org

http://www.securitytracker.com/id/1033953

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2015-30.html

Source: cve@mitre.org

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-15-624

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11455

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=72497918b16b706c3ba75e1f731f58b802ca14d1

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3505

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/77101

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/78723

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1033953

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2015-30.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-15-624

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11455

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=72497918b16b706c3ba75e1f731f58b802ca14d1

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.