Description
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges.
Below is a complete list of vulnerabilities
- Multiple vulnerabilities in LLRP, RSL, LBMC, HiQnet, HTTP/2, X.509AF, DNP3 and ASN.1 BER dissectors can be exploited remotely via a specially designed packet;
- Multiple vulnerabilities in iSeries and 3GPP TS 32.423 Trace file parsers can be exploited remotely via a specially designed file;
- Untrusted path vulnerability can be exploited locally via DLL hijack. (Windows)
Technical details
Vulnerability (1) related to multiple different vulnerabilities listed below:
- dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector does not limit recursion depth;
- Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector which can be triggered via packet with 0xFF tag value;
- dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector mishandles unrecognized TLV type;
- issect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector does not validate length values;
- epan/dissectors/packet-hiqnet.c in the HiQnet dissector does not validate data type;
- epan/dissectors/packet-http2.c in the HTTP/2 dissector does not limit the amount of header data;
- epan/dissectors/packet-x509af.c in the X.509AF dissector mishandles the algorithm ID;
- An unknown vulnerability related to dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector;
- dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector.
Vulnerability (2) related to multiple vulnerabilities listed below:
iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser does not consider that a line may lack the “OBJECT PROTOCOL” substring;
wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser does not ensure that a ‘�’ character is present at the end of certain strings.
Vulnerability (3) related to the WiresharkApplication class in ui/qt/wireshark_application.cpp and can be triggered via a Trojan horse riched20.dll.dll in the current working directory, related to use of QLibrary.
Original advisories
Related products
CVE list
- CVE-2016-2530 warning
- CVE-2016-2521 high
- CVE-2016-2531 warning
- CVE-2016-2532 warning
- CVE-2016-2528 warning
- CVE-2016-2529 warning
- CVE-2016-2526 warning
- CVE-2016-2527 warning
- CVE-2016-2524 warning
- CVE-2016-2525 warning
- CVE-2016-2522 warning
- CVE-2016-2523 high
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com