mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
189 lines
6.2 KiB
JSON
189 lines
6.2 KiB
JSON
{
|
|
"id": "CVE-2015-8726",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2016-01-04T05:59:16.813",
|
|
"lastModified": "2016-12-07T18:29:42.920",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "wiretap/vwr.c en el analizador de archivo VeriWave en Wireshark 1.12.x en versiones anteriores a 1.12.9 y 2.0.x en versiones anteriores a 2.0.1 no valida ciertos datos de firma y Modulation and Coding Scheme (MCS), lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo manipulado."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-119"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "29AC5E99-9C21-4C2E-AE68-A4B887318577"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B90C8934-01D8-4027-8A38-0B3230CC5077"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "49C89A62-69E2-40C5-9C75-FA6601A935A2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1946DDC9-E49F-4601-8448-E73B0480C880"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E2F85560-F43E-46C5-9CD1-1A1D66E21580"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2518D86A-623D-431E-9574-32B677D5FB94"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FEA2B085-01D2-4707-A9F7-6545E4D6D99A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FE4BBF1A-4303-456C-AD19-F5BCF6FDD76B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AD3D5FFB-1A09-4A06-8E83-DF72E39E1891"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80E2A443-32DB-4C8B-8D2D-AE4F80A154A1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.debian.org/security/2016/dsa-3505",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/79382",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1034551",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.wireshark.org/security/wnpa-sec-2015-44.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11789",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=185911de7d337246044c8e99da2f5b4bac74c0d5",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b8fa3d463c1bdd9b84c897441e7a5c8ad1f0f292",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://security.gentoo.org/glsa/201604-05",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |