{
  "threat_severity" : "Moderate",
  "public_date" : "2015-08-11T00:00:00Z",
  "bugzilla" : {
    "description" : "wireshark: WaveAgent dissector crash (wnpa-sec-2015-26)",
    "id" : "1253357",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1253357"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "details" : [ "The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." ],
  "statement" : "This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the verison of wireshark as shipped with Red Hat Enterprise Linux 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2393",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "wireshark-0:1.10.14-7.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-6246\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6246\nhttps://www.wireshark.org/security/wnpa-sec-2015-26" ],
  "name" : "CVE-2015-6246",
  "mitigation" : {
    "value" : "This flaw can be mitigated in wireshark by disabling the waveagent protocol dissector. In wireshark GUI application click on Analyze->Enabled Protocols and search for \"waveagent\" and disable in. When using \"tshark\", the text interface, create a file called \"disabled_protos\" in the preferences folder (normally .wireshark folder in the home directory of the user running wireshark) and add \"waveagent\" to it. This should disable the waveagent protocol.",
    "lang" : "en:us"
  },
  "csaw" : false
}