CVE-2015-8733
Description
The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.627
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update of Wireshark (2.0.1) | Windows |
| Update of Wireshark X64 (2.0.1) | Windows |
| Multiple vulnerabilities fixed in Wireshark x64 1.12.9 | Windows |
| Multiple vulnerabilities are fixed in Update for WireShark for Mac (2.0.1) | Mac |
| Multiple vulnerabilities are fixed in Wireshark for Mac 1.12.9 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-302390 | Update of Wireshark (2.0.1) |
| PATCH-302391 | Update of Wireshark X64 (2.0.1) |
| PATCH-338541 | Wireshark (3.6.24) |
| PATCH-612949 | WireShark for Mac (4.6.2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234