CVE-2015-3810

Publication date 26 May 2015

Last updated 24 July 2024

Description

epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
wireshark	15.04 vivid	Fixed 1.12.1+g01b65bf-4+deb8u1build0.15.04.1
	14.10 utopic	Ignored end of life
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Not affected

How can I get the fixes?
What do statuses mean?
Patch details

Notes

tyhicks

"Affected versions: 1.12.0 to 1.12.4"

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
wireshark	Upstream: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ee6bcbd2e03a25f1e6b0239558d9edeaf8040c0

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.wireshark.org/security/wnpa-sec-2015-13.html
https://www.cve.org/CVERecord?id=CVE-2015-3810