Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities in Wireshark

Kaspersky ID:
KLA10763
Detect Date:
02/27/2016
Updated:
01/28/2026

Description

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges.

Below is a complete list of vulnerabilities

  1. Multiple vulnerabilities in LLRP, RSL, LBMC, HiQnet, HTTP/2, X.509AF, DNP3 and ASN.1 BER dissectors can be exploited remotely via a specially designed packet;
  2. Multiple vulnerabilities in iSeries and 3GPP TS 32.423 Trace file parsers can be exploited remotely via a specially designed file;
  3. Untrusted path vulnerability can be exploited locally via DLL hijack. (Windows)

Technical details

Vulnerability (1) related to multiple different vulnerabilities listed below:

  1. dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector does not limit recursion depth;
  2. Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector which can be triggered via packet with 0xFF tag value;
  3. dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector mishandles unrecognized TLV type;
  4. issect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector does not validate length values;
  5. epan/dissectors/packet-hiqnet.c in the HiQnet dissector does not validate data type;
  6. epan/dissectors/packet-http2.c in the HTTP/2 dissector does not limit the amount of header data;
  7. epan/dissectors/packet-x509af.c in the X.509AF dissector mishandles the algorithm ID;
  8. An unknown vulnerability related to dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector;
  9. dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector.

Vulnerability (2) related to multiple vulnerabilities listed below:

iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser does not consider that a line may lack the “OBJECT PROTOCOL” substring;
wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser does not ensure that a ‘’ character is present at the end of certain strings.

Vulnerability (3) related to the WiresharkApplication class in ui/qt/wireshark_application.cpp and can be triggered via a Trojan horse riched20.dll.dll in the current working directory, related to use of QLibrary.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Related products

CVE list

  • CVE-2016-2530
    high
  • CVE-2016-2521
    critical
  • CVE-2016-2531
    high
  • CVE-2016-2532
    high
  • CVE-2016-2528
    high
  • CVE-2016-2529
    high
  • CVE-2016-2526
    high
  • CVE-2016-2527
    high
  • CVE-2016-2524
    high
  • CVE-2016-2525
    high
  • CVE-2016-2522
    high
  • CVE-2016-2523
    high

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
11 February 2026
Securelist
The game is over: when “free” comes at too high a price. What we know about RenEngine
11 February 2026
Securelist
Spam and phishing in 2025
05 February 2026
Securelist
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
03 February 2026
Securelist
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
29 January 2026
Securelist
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
27 January 2026
Securelist
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.