Description
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/39004
References (10)
Core 10
Core References
Patch x_refsource_confirm
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b8fa3d463c1bdd9b84c897441e7a5c8ad1f0f292
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/79382
Issue Tracking x_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11789
Patch x_refsource_confirm
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=185911de7d337246044c8e99da2f5b4bac74c0d5
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3505
Issue Tracking x_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201604-05
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/security/wnpa-sec-2015-44.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034551
Scores
CVSS v3
5.5
EPSS
0.0097
EPSS Percentile
76.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
CWE-20
Status
published
Products (10)
wireshark/wireshark
1.12.0
wireshark/wireshark
1.12.1
wireshark/wireshark
1.12.2
wireshark/wireshark
1.12.3
wireshark/wireshark
1.12.4
wireshark/wireshark
1.12.5
wireshark/wireshark
1.12.6
wireshark/wireshark
1.12.7
wireshark/wireshark
1.12.8
wireshark/wireshark
2.0.0
Published
Jan 04, 2016
Tracked Since
Feb 18, 2026