Denial of Service Vulnerability in Wireshark S7COMM Dissector

Denial of Service Vulnerability in Wireshark S7COMM Dissector

CVE-2015-8738 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.

Learn more about our Web Application Penetration Testing UK.