CVE-2015-8711

Published: 04 January 2016

epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
wireshark Launchpad, Ubuntu, Debian	Upstream	Needs triage



	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable
	Ubuntu 16.04 LTS (Xenial Xerus)	Not vulnerable
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (1.12.1+g01b65bf-4+deb8u11ubuntu0.14.04.1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8711
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5bf565690ad9f0771196d8fa237aa37fae3bb7cc
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b4ada17723ed8af7e85cb48d537437ed614e417
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=23379ae3624df82c170f48e5bb3250a97ec61c13
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
http://www.wireshark.org/security/wnpa-sec-2015-31.html
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

CVE-2015-8711

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading