CVE-2015-8724

MEDIUM

Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via AirPDcapDecryptWPABroadcastKey Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8724. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a heap-based out-of-bounds read vulnerability in Wireshark's AirPDcapDecryptWPABroadcastKey function, leading to a crash via a malformed file processed by tshark. The PoC includes a crash log and a link to trigger files.

Description

The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/39077

View Code ZIP pw:eip

This exploit demonstrates a heap-based out-of-bounds read vulnerability in Wireshark's AirPDcapDecryptWPABroadcastKey function, leading to a crash via a malformed file processed by tshark. The PoC includes a crash log and a link to trigger files.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Wireshark (git master at time of disclosure)

No auth needed

Prerequisites: A malformed file to trigger the vulnerability

MITRE ATT&CK