CVE-2015-8723
Summary
| CVE | CVE-2015-8723 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-01-04 05:59:13 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. |
Risk And Classification
Primary CVSS: v3.0 5.5 MEDIUM from [email protected]
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Problem Types: CWE-20 | CWE-119 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| 2.0 | [email protected] | Primary | 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
CVSS v3.0 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
NoneAvailability
PartialAV:N/AC:M/Au:N/C:N/I:N/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Wireshark | Wireshark | 1.12.0 | All | All | All |
| Application | Wireshark | Wireshark | 1.12.1 | All | All | All |
| Application | Wireshark | Wireshark | 1.12.2 | All | All | All |
| Application | Wireshark | Wireshark | 1.12.3 | All | All | All |
| Application | Wireshark | Wireshark | 1.12.4 | All | All | All |
| Application | Wireshark | Wireshark | 1.12.5 | All | All | All |
| Application | Wireshark | Wireshark | 1.12.6 | All | All | All |
| Application | Wireshark | Wireshark | 1.12.7 | All | All | All |
| Application | Wireshark | Wireshark | 1.12.8 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Wireshark · wnpa-sec-2015-42 · 802.11 decryption crash | af854a3a-2127-422b-91ae-364da2661108 | www.wireshark.org | Vendor Advisory |
| code.wireshark Code Review - wireshark.git/commit | af854a3a-2127-422b-91ae-364da2661108 | code.wireshark.org | |
| Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| Debian -- Security Information -- DSA-3505-1 wireshark | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Oracle Solaris Bulletin - January 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| Wireshark: Multiple vulnerabilities (GLSA 201604-05) — Gentoo security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| Bug 11790 – Wireshark stack-based buffer overflow in AirPDcapPacketProcess | af854a3a-2127-422b-91ae-364da2661108 | bugs.wireshark.org | |
| Wireshark Multiple Security Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| code.wireshark Code Review - wireshark.git/commit | MITRE | code.wireshark.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 671108 EulerOS Security Update for wireshark (EulerOS-SA-2019-2425)