Public Date:
1222437: CVE-2015-3812 wireshark: X11 memory leak (wnpa-sec-2015-15)
A flaw was found in X11 dissector of wireshark of which an attacker could make wireshark consume excessive CPU resources which could make system unresponsive by injecting specially crafted packet onto the wire or by convincing wireshark user to read malformed packet trace file.

Find out more about CVE-2015-3812 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (wireshark) RHSA-2015:2393 2015-11-19
Red Hat Enterprise Linux 6 (wireshark) RHSA-2017:0631 2017-03-21

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 wireshark Will not fix


This flaw can be mitigated in wireshark by disabling the X11 protocol dissector. In wireshark GUI application click on Analyze->Enabled Protocols and search for "X11" and disable in. When using "tshark", the text interface, create a file called "disabled_protos" in the preferences folder (normally .wireshark folder in the home directory of the user running wireshark) and add "X11" to it. This should disable the X11 protocol.

External References

Last Modified