Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-6246

Опубликовано: 11 авг. 2015
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Отчет

This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the verison of wireshark as shipped with Red Hat Enterprise Linux 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6.

Меры по смягчению последствий

This flaw can be mitigated in wireshark by disabling the waveagent protocol dissector. In wireshark GUI application click on Analyze->Enabled Protocols and search for "waveagent" and disable in. When using "tshark", the text interface, create a file called "disabled_protos" in the preferences folder (normally .wireshark folder in the home directory of the user running wireshark) and add "waveagent" to it. This should disable the waveagent protocol.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5wiresharkNot affected
Red Hat Enterprise Linux 6wiresharkWill not fix
Red Hat Enterprise Linux 7wiresharkFixedRHSA-2015:239319.11.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1253357wireshark: WaveAgent dissector crash (wnpa-sec-2015-26)

EPSS

Процентиль: 70%
0.00661
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-6246

ubuntu
около 10 лет назад

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

nvd логотип

CVE-2015-6246

nvd
около 10 лет назад

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

debian логотип

CVE-2015-6246

debian
около 10 лет назад

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c ...

github логотип

GHSA-qvfg-7rq7-85cm

github
больше 3 лет назад

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

suse-cvrf логотип

openSUSE-SU-2015:1836-2

suse-cvrf
почти 10 лет назад

Security update for wireshark

EPSS

Процентиль: 70%
0.00661
Низкий

4.3 Medium

CVSS2