CVE-2015-8730

MEDIUM

Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service in NBAP Dissector

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8730. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in Wireshark due to an invalid memory read in the NBAP dissector. The crash occurs when processing a malformed packet capture file, leading to a SIGSEGV in the `dissect_nbap_MACdPDU_Size` function.

Description

epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/38999

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service (DoS) vulnerability in Wireshark due to an invalid memory read in the NBAP dissector. The crash occurs when processing a malformed packet capture file, leading to a SIGSEGV in the `dissect_nbap_MACdPDU_Size` function.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Wireshark (git master at the time of disclosure)

No auth needed

Prerequisites: A malformed packet capture file

MITRE ATT&CK