VDB
CVE-2015-8726
CVE-2015-8726
PUBLISHED
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
EPSS 0.97% · 77.0th percentile
Risk Scores
EPSS Score
0.97%
77.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | wireshark | 0, 1.10.2-1, 1.10.3-1 |
| Ubuntu:18.04:LTS | wireshark | 2.4.2-1, 2.4.3-1, 2.4.4-1 |
| Ubuntu:16.04:LTS | wireshark | 0, 1.12.7+g7fc8978-1, 2.0.1+g59ea380-3build1 |
Exploit Intelligence
Timeline
- Dec 16, 2015 PoC Published
- Jan 4, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-8726 third-party-advisory
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b8fa3d463c1bdd9b84c897441e7a5c8ad1f0f292 third-party-advisory
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=185911de7d337246044c8e99da2f5b4bac74c0d5 third-party-advisory
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791 third-party-advisory
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11789 third-party-advisory
- http://www.wireshark.org/security/wnpa-sec-2015-44.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-8726 third-party-advisory