CVE-2015-0563

epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
opensuseopensuse
13.1
opensuseopensuse
13.2
wiresharkwireshark
1.10.0
wiresharkwireshark
1.10.1
wiresharkwireshark
1.10.2
wiresharkwireshark
1.10.3
wiresharkwireshark
1.10.4
wiresharkwireshark
1.10.5
wiresharkwireshark
1.10.6
wiresharkwireshark
1.10.7
wiresharkwireshark
1.10.8
wiresharkwireshark
1.10.9
wiresharkwireshark
1.10.10
wiresharkwireshark
1.10.11
wiresharkwireshark
1.12.0
wiresharkwireshark
1.12.1
wiresharkwireshark
1.12.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bullseye
3.4.10-0+deb11u1
fixed
squeeze
not-affected
wheezy
not-affected
bullseye (security)
3.4.16-0+deb11u1
fixed
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
trixie
4.4.0-1
fixed
sid
4.4.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wireshark
bionic
Fixed 2.6.3-1~ubuntu18.04.1
released
artful
Fixed 1.12.1+g01b65bf-3
released
zesty
Fixed 1.12.1+g01b65bf-3
released
yakkety
Fixed 1.12.1+g01b65bf-3
released
xenial
Fixed 2.6.3-1~ubuntu16.04.1
released
wily
Fixed 1.12.1+g01b65bf-3
released
vivid
Fixed 1.12.1+g01b65bf-3
released
utopic
Fixed 1.12.1+g01b65bf-2~ubuntu14.10.2
released
trusty
Fixed 2.6.3-1~ubuntu14.04.1
released
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2015-0019.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html
http://secunia.com/advisories/62612
http://www.mandriva.com/security/advisories?name=MDVSA-2015:022
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/71916
http://www.wireshark.org/security/wnpa-sec-2015-04.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10823
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=611cfd00c283e7a77a2f1fd89c01b0b9f691411b
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=854157883bd1972e012c65c0418a9732ef5d9fb0
http://advisories.mageia.org/MGASA-2015-0019.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html
http://secunia.com/advisories/62612
http://www.mandriva.com/security/advisories?name=MDVSA-2015:022
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/71916
http://www.wireshark.org/security/wnpa-sec-2015-04.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10823
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=611cfd00c283e7a77a2f1fd89c01b0b9f691411b
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=854157883bd1972e012c65c0418a9732ef5d9fb0