CVE-2015-8735

MEDIUM

Wireshark 2.0.x - Denial of Service via Bluetooth Attribute Dissector Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8735. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a memory corruption vulnerability in Wireshark's Bluetooth ATT dissector, leading to a SEGV crash due to an invalid memory write. The PoC includes malformed files that trigger the crash when processed by tshark.

Description

The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/38998

View Code ZIP pw:eip

This exploit demonstrates a memory corruption vulnerability in Wireshark's Bluetooth ATT dissector, leading to a SEGV crash due to an invalid memory write. The PoC includes malformed files that trigger the crash when processed by tshark.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Wireshark (git master at the time of disclosure)

No auth needed

Prerequisites: Wireshark with ASAN build · Malformed packet capture file

MITRE ATT&CK