Description
The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/39005
References (8)
Core 8
Core References
Patch x_refsource_confirm
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=40b283181c63cb28bc6f58d80315eccca6650da0
Issue Tracking x_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/79382
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3505
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201604-05
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034551
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/security/wnpa-sec-2015-42.html
Scores
CVSS v3
5.5
EPSS
0.0126
EPSS Percentile
79.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
CWE-20
Status
published
Products (9)
wireshark/wireshark
1.12.0
wireshark/wireshark
1.12.1
wireshark/wireshark
1.12.2
wireshark/wireshark
1.12.3
wireshark/wireshark
1.12.4
wireshark/wireshark
1.12.5
wireshark/wireshark
1.12.6
wireshark/wireshark
1.12.7
wireshark/wireshark
1.12.8
Published
Jan 04, 2016
Tracked Since
Feb 18, 2026