CVE-2015-3810

Published: 26 May 2015

epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.

Notes

Author	Note
tyhicks	"Affected versions: 1.12.0 to 1.12.4"

Priority

Status

Package	Release	Status
wireshark Launchpad, Ubuntu, Debian	precise	Not vulnerable
	trusty	Not vulnerable (1.10.6-1)
	upstream	Released (1.12.5+g5819e5b-1)
	utopic	Ignored (end of life)
	vivid	Released (1.12.1+g01b65bf-4+deb8u1build0.15.04.1)
	Patches: upstream: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ee6bcbd2e03a25f1e6b0239558d9edeaf8040c0

References

https://www.wireshark.org/security/wnpa-sec-2015-13.html
https://www.cve.org/CVERecord?id=CVE-2015-3810
NVD
Launchpad
Debian

Bugs

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10989

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›