Description
Multiple vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely by injecting malformed packet.
Technical details
These vulnerabilities can be exploited remotely via a vectors related to stack-based buffer overflow and improper memory initialisation for search patterns in NCP dissector, integer signedness error and improper memory objects handling in the MS-WSP dissector, using wrong variable for indexing an array in the GSM CBCH dissector, using incorrect integer data type in the IAX2 dissector, misparsing timestamp fields and absence of verification of BER identifiers in the PKTC dissector, improper restrictions of element list in IEEE 802.11 dissector, incorrect special-case handling of truncated Tvb data structures, impoper limitations of protocol-tree depth.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2016-4085 high
- CVE-2016-4084 high
- CVE-2016-4083 high
- CVE-2016-4082 high
- CVE-2016-4081 high
- CVE-2016-4080 high
- CVE-2016-4079 high
- CVE-2016-4078 high
- CVE-2016-4077 high
- CVE-2016-4076 high
- CVE-2016-4006 high
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com