VDB

CVE-2015-3814

CVE-2015-3814 PUBLISHED

The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

EPSS 0.25% · 48.8th percentile

Risk Scores

EPSS Score
0.25%
48.8th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSwireshark0, 2.4.3-1, 2.4.4-1
Ubuntu:14.04:LTSwireshark1.12.1+g01b65bf-4+deb8u11ubuntu0.14.04.1, 0, 1.10.2-1
Ubuntu:16.04:LTSwireshark0, 2.0.2+ga16e22e-1, 2.2.6+g32dac6a-2ubuntu0.16.04

Timeline

  • May 26, 2015 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 25, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›