CVE-2015-2187

Published: 8 March 2015

The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.

Notes

Author	Note
tyhicks	Version 1.12.0 to 1.12.3 are affected

Priority

Status

Package	Release	Status
wireshark Launchpad, Ubuntu, Debian	lucid	Not vulnerable
	precise	Not vulnerable
	trusty	Not vulnerable (1.10.6-1)
	upstream	Released (1.12.4)
	utopic	Released (1.12.1+g01b65bf-2ubuntu14.10.3)

References

https://www.wireshark.org/security/wnpa-sec-2015-06.html
https://www.cve.org/CVERecord?id=CVE-2015-2187
NVD
Launchpad
Debian

Bugs

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9952
https://bugs.launchpad.net/bugs/1440202

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›