CVE-2015-2191

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
debiandebian_linux
7.0
debiandebian_linux
8.0
mageiamageia
4.0
wiresharkwireshark
1.10.0
wiresharkwireshark
1.10.1
wiresharkwireshark
1.10.2
wiresharkwireshark
1.10.3
wiresharkwireshark
1.10.4
wiresharkwireshark
1.10.5
wiresharkwireshark
1.10.6
wiresharkwireshark
1.10.7
wiresharkwireshark
1.10.8
wiresharkwireshark
1.10.9
wiresharkwireshark
1.10.10
wiresharkwireshark
1.10.11
wiresharkwireshark
1.10.12
wiresharkwireshark
1.12.0
wiresharkwireshark
1.12.1
wiresharkwireshark
1.12.2
wiresharkwireshark
1.12.3
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bullseye
3.4.10-0+deb11u1
fixed
bullseye (security)
3.4.16-0+deb11u1
fixed
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
trixie
4.4.0-1
fixed
sid
4.4.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wireshark
bionic
Fixed 2.6.3-1~ubuntu18.04.1
released
artful
Fixed 1.12.1+g01b65bf-4
released
zesty
Fixed 1.12.1+g01b65bf-4
released
yakkety
Fixed 1.12.1+g01b65bf-4
released
xenial
Fixed 2.6.3-1~ubuntu16.04.1
released
wily
Fixed 1.12.1+g01b65bf-4
released
vivid
Fixed 1.12.1+g01b65bf-4
released
utopic
Fixed 1.12.1+g01b65bf-2ubuntu14.10.3
released
trusty
Fixed 2.6.3-1~ubuntu14.04.1
released
precise
not-affected
lucid
not-affected
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2015-0117.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html
http://rhn.redhat.com/errata/RHSA-2015-1460.html
http://www.debian.org/security/2015/dsa-3210
http://www.mandriva.com/security/advisories?name=MDVSA-2015:183
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/72941
http://www.securitytracker.com/id/1031858
http://www.wireshark.org/security/wnpa-sec-2015-10.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=608cf324b3962877e9699f3e81e8f82ac9f1ea14
https://security.gentoo.org/glsa/201510-03
http://advisories.mageia.org/MGASA-2015-0117.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html
http://rhn.redhat.com/errata/RHSA-2015-1460.html
http://www.debian.org/security/2015/dsa-3210
http://www.mandriva.com/security/advisories?name=MDVSA-2015:183
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/72941
http://www.securitytracker.com/id/1031858
http://www.wireshark.org/security/wnpa-sec-2015-10.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=608cf324b3962877e9699f3e81e8f82ac9f1ea14
https://security.gentoo.org/glsa/201510-03