CVE-2015-8726
moderate-risk
Published 2016-01-04
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
Do I need to act?
-
0.97% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (10)
Affected Vendors
References (20)
Vendor Advisory
http://www.wireshark.org/security/wnpa-sec-2015-44.html
Vendor Advisory
http://www.wireshark.org/security/wnpa-sec-2015-44.html
44
/ 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
10/34 · Low
Exposure
16/34 · Moderate