CVE-2015-3815

Publication date 26 May 2015

Last updated 24 July 2024


Ubuntu priority

The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906.

Status

Package Ubuntu Release Status
wireshark 15.04 vivid
Fixed 1.12.1+g01b65bf-4+deb8u1build0.15.04.1
14.10 utopic Ignored end of life
14.04 LTS trusty
Not affected
12.04 LTS precise
Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
wireshark