CVE-2015-8726

MEDIUM

Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via VeriWave File Parser

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8726. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a stack-based out-of-bounds read vulnerability in Wireshark's wiretap library, leading to a crash via a malformed file processed by tshark. The PoC includes a crash report and a link to the triggering files.

Description

wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/39004

View Code ZIP pw:eip

This exploit demonstrates a stack-based out-of-bounds read vulnerability in Wireshark's wiretap library, leading to a crash via a malformed file processed by tshark. The PoC includes a crash report and a link to the triggering files.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Wireshark (git master at time of disclosure)

No auth needed

Prerequisites: A malformed file to trigger the vulnerability

MITRE ATT&CK