CVE-2015-8740

MEDIUM

Wireshark 2.0.x < 2.0.1 - Denial of Service via TDS Dissector Column Count Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8740. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a stack-based buffer overflow in Wireshark's Diameter dissector, triggered by a malformed packet capture file. The overflow occurs in the `dissect_diameter_base_framed_ipv6_prefix` function, leading to a crash in ASAN builds.

Description

The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/39003

View Code ZIP pw:eip

This exploit demonstrates a stack-based buffer overflow in Wireshark's Diameter dissector, triggered by a malformed packet capture file. The overflow occurs in the `dissect_diameter_base_framed_ipv6_prefix` function, leading to a crash in ASAN builds.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Wireshark (git master at time of disclosure)

No auth needed

Prerequisites: A malformed packet capture file

MITRE ATT&CK