KLA10796
Multiple vulnerabilities in Wireshark
Updated: 07/30/2018
CVSS
4.3
Detect date
04/25/2016
Severity
Warning
Description

Multiple vulnerabilities were found in Wireshark. By exploiting these vulnerabilities, malicious users can cause a denial of service. These vulnerabilities can be exploited remotely by injecting a malformed packet.


Technical details

These vulnerabilities can be exploited remotely via vectors related to: a stack-based buffer overflow and improper memory initialisation for search patterns in the NCP dissector; an integer signedness error and improper handling of memory objects in the MS-WSP dissector; use of the wrong variable for indexing an array in the GSM CBCH dissector; use of an incorrect integer data type in the IAX2 dissector; misparsing of timestamp fields and absence of verification of BER identifiers in the PKTC dissector; improper restriction of the element list in the IEEE 802.11 dissector; incorrect special-case handling of truncated Tvb data structures; and improper limitation of protocol-tree depth.

Affected products

Wireshark 1.12 versions earlier than 1.12.11.
Wireshark 2.0 versions earlier than 2.0.3.

Solution

Update to the latest version
Download Wireshark

Original advisories

Wireshark Security Advisories

Impacts
DoS
Related products
Wireshark
CVE-IDS

CVE-2016-4085
CVE-2016-4084
CVE-2016-4083
CVE-2016-4082
CVE-2016-4081
CVE-2016-4080
CVE-2016-4079
CVE-2016-4078
CVE-2016-4077
CVE-2016-4076
CVE-2016-4006