[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-8732Date: (C)2016-01-08   (M)2023-12-22


The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.5CVSS Score : 4.3
Exploit Score: 1.8Exploit Score: 8.6
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
SECTRACK-1034551
BID-79382
DSA-3505
GLSA-201604-05
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.wireshark.org/security/wnpa-sec-2015-50.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9352616ec9742f2ed3d2802d0c8c100d51ca410b
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=eb0c034f6e4cdbf5ae36dd9ba8e2743630b7bd38

CPE    10
cpe:/a:wireshark:wireshark:1.12.1
cpe:/a:wireshark:wireshark:1.12.0
cpe:/a:wireshark:wireshark:1.12.5
cpe:/a:wireshark:wireshark:1.12.4
...
CWE    1
CWE-20
OVAL    4
oval:org.secpod.oval:def:89045301
oval:org.secpod.oval:def:32541
oval:org.secpod.oval:def:32506
oval:org.secpod.oval:def:602421
...

© SecPod Technologies