CVE-2015-0563

EUVD-2015-0576
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
opensuseopensuse
13.1
opensuseopensuse
13.2
wiresharkwireshark
1.10.0
wiresharkwireshark
1.10.1
wiresharkwireshark
1.10.2
wiresharkwireshark
1.10.3
wiresharkwireshark
1.10.4
wiresharkwireshark
1.10.5
wiresharkwireshark
1.10.6
wiresharkwireshark
1.10.7
wiresharkwireshark
1.10.8
wiresharkwireshark
1.10.9
wiresharkwireshark
1.10.10
wiresharkwireshark
1.10.11
wiresharkwireshark
1.12.0
wiresharkwireshark
1.12.1
wiresharkwireshark
1.12.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
bullseye
3.4.10-0+deb11u1
fixed
bullseye (security)
3.4.16-0+deb11u1
fixed
sid
4.4.1-1
fixed
squeeze
not-affected
trixie
4.4.0-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wireshark
artful
Fixed 1.12.1+g01b65bf-3
released
bionic
Fixed 2.6.3-1~ubuntu18.04.1
released
lucid
ignored
precise
ignored
trusty
Fixed 2.6.3-1~ubuntu14.04.1
released
utopic
Fixed 1.12.1+g01b65bf-2~ubuntu14.10.2
released
vivid
Fixed 1.12.1+g01b65bf-3
released
wily
Fixed 1.12.1+g01b65bf-3
released
xenial
Fixed 2.6.3-1~ubuntu16.04.1
released
yakkety
Fixed 1.12.1+g01b65bf-3
released
zesty
Fixed 1.12.1+g01b65bf-3
released
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2015-0019.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html
http://secunia.com/advisories/62612
http://www.mandriva.com/security/advisories?name=MDVSA-2015:022
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/71916
http://www.wireshark.org/security/wnpa-sec-2015-04.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10823
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=611cfd00c283e7a77a2f1fd89c01b0b9f691411b
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=854157883bd1972e012c65c0418a9732ef5d9fb0
http://advisories.mageia.org/MGASA-2015-0019.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html
http://secunia.com/advisories/62612
http://www.mandriva.com/security/advisories?name=MDVSA-2015:022
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/71916
http://www.wireshark.org/security/wnpa-sec-2015-04.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10823
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=611cfd00c283e7a77a2f1fd89c01b0b9f691411b
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=854157883bd1972e012c65c0418a9732ef5d9fb0