CVE-2015-2190 | Vulnerability Database | Aqua Security

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.

Affected Software

Name	Vendor	Start Version	End Version
Opensuse	Opensuse	13.1 (including)	13.1 (including)
Opensuse	Opensuse	13.2 (including)	13.2 (including)
Wireshark	Ubuntu	devel	*
Wireshark	Ubuntu	upstream	*
Wireshark	Ubuntu	utopic	*

References

http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/72938
http://www.securitytracker.com/id/1031858
http://www.wireshark.org/security/wnpa-sec-2015-09.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10983
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=d1865e000ebedf49fc0d9f221a11d6af74360837
https://security.gentoo.org/glsa/201510-03
http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/72938
http://www.securitytracker.com/id/1031858
http://www.wireshark.org/security/wnpa-sec-2015-09.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10983
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=d1865e000ebedf49fc0d9f221a11d6af74360837
https://security.gentoo.org/glsa/201510-03

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-2190
CWE	https://cwe.mitre.org/data/definitions/19.html