{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-11T00:00:00", "descriptions": [{"lang": "en", "value": "The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.wireshark.org/security/wnpa-sec-2015-24.html"}, {"name": "FEDORA-2015-13945", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html"}, {"name": "1033272", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033272"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=31571144be5f03f054a9c7e195b38c2f5792fe54"}, {"name": "76383", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76383"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=43c2e5769a17f0945fdcdabe35204a13ca9bbc85"}, {"name": "FEDORA-2015-13946", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11389"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=655b0dc623e29da212be3e205314624fe3182562"}, {"name": "DSA-3367", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3367"}, {"name": "openSUSE-SU-2015:1836", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.wireshark.org/security/wnpa-sec-2015-24.html", "refsource": "CONFIRM", "url": "http://www.wireshark.org/security/wnpa-sec-2015-24.html"}, {"name": "FEDORA-2015-13945", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html"}, {"name": "1033272", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033272"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=31571144be5f03f054a9c7e195b38c2f5792fe54", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=31571144be5f03f054a9c7e195b38c2f5792fe54"}, {"name": "76383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76383"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=43c2e5769a17f0945fdcdabe35204a13ca9bbc85", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=43c2e5769a17f0945fdcdabe35204a13ca9bbc85"}, {"name": "FEDORA-2015-13946", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html"}, {"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11389", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11389"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=655b0dc623e29da212be3e205314624fe3182562", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=655b0dc623e29da212be3e205314624fe3182562"}, {"name": "DSA-3367", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3367"}, {"name": "openSUSE-SU-2015:1836", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:15:13.267Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.wireshark.org/security/wnpa-sec-2015-24.html"}, {"name": "FEDORA-2015-13945", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html"}, {"name": "1033272", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033272"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=31571144be5f03f054a9c7e195b38c2f5792fe54"}, {"name": "76383", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76383"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=43c2e5769a17f0945fdcdabe35204a13ca9bbc85"}, {"name": "FEDORA-2015-13946", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11389"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=655b0dc623e29da212be3e205314624fe3182562"}, {"name": "DSA-3367", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3367"}, {"name": "openSUSE-SU-2015:1836", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6244", "datePublished": "2015-08-24T23:00:00", "dateReserved": "2015-08-14T00:00:00", "dateUpdated": "2024-08-06T07:15:13.267Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "29AC5E99-9C21-4C2E-AE68-A4B887318577", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B90C8934-01D8-4027-8A38-0B3230CC5077", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "49C89A62-69E2-40C5-9C75-FA6601A935A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "1946DDC9-E49F-4601-8448-E73B0480C880", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "E2F85560-F43E-46C5-9CD1-1A1D66E21580", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "2518D86A-623D-431E-9574-32B677D5FB94", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "FEA2B085-01D2-4707-A9F7-6545E4D6D99A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n dissect_zbee_secure en epan/dissectors/packet-zbee-security.c en el disector ZigBee en Wireshark 1.12.x en versiones anteriores a 1.12.7, conf\u00eda inadecuadamente en los campos de longitud contenidos en paquetes de datos, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un paquete manipulado."}], "id": "CVE-2015-6244", "lastModified": "2023-11-07T02:26:47.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-08-24T23:59:04.367", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3367"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76383"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1033272"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.wireshark.org/security/wnpa-sec-2015-24.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11389"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=31571144be5f03f054a9c7e195b38c2f5792fe54"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=43c2e5769a17f0945fdcdabe35204a13ca9bbc85"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=655b0dc623e29da212be3e205314624fe3182562"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:2393", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "wireshark-0:1.10.14-7.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-19T00:00:00Z"}], "bugzilla": {"description": "wireshark: ZigBee dissector crash (wnpa-sec-2015-24)", "id": "1253355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253355"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-130", "details": ["The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."], "mitigation": {"lang": "en:us", "value": "This flaw can be mitigated in wireshark by disabling the ZigBee protocol dissector. In wireshark GUI application click on Analyze->Enabled Protocols and search for \"ZigBee\" and disable in. When using \"tshark\", the text interface, create a file called \"disabled_protos\" in the preferences folder (normally .wireshark folder in the home directory of the user running wireshark) and add \"ZigBee\" to it. This should disable the ZigBee protocol."}, "name": "CVE-2015-6244", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2015-08-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-6244\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6244\nhttps://www.wireshark.org/security/wnpa-sec-2015-24"], "statement": "This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the verison of wireshark as shipped with Red Hat Enterprise Linux 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6.", "threat_severity": "Moderate", "upstream_fix": "wireshark 1.12.7"}