CVE-2015-8726
5.5
MEDIUM
CVSS 3.1
EPSS 0.97%
Description
wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
How to fix CVE-2015-8726
To remediate CVE-2015-8726, upgrade the affected package to a fixed version below.
- Debian/wireshark—upgrade to 2.0.1+g59ea380-1 or later
Is CVE-2015-8726 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.0.1+g59ea380-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |