Kaspersky Threats

CVSS

?

4.3

Detect date

?

08/06/2016

Severity

?

Warning

Description

Multiple different vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed packet or file.

Technical details

WBXML dissector epan/dissectors/packet-wbxml.c mishandles offsets;

Ethernet dissector epan/dissectors/packet-pktap.c mishandles the packet-header data type;

NetScreen file parser wiretap/netscreen.c mishandles sscanf unsigned-integer processing;

CoSine file parser wiretap/cosine.c mishandles sscanf unsigned-integer;

Toshiba file parser wiretap/toshiba.c mishandles sscanf unsigned-integer processing;

USB subsystem mishandles class types;

UMTS FP dissector epan/dissectors/packet-umts_fp.c mishandles the reserved C/T value;

IEEE 802.11 dissector epan/crypt/airpdcap.c mishandles certain length values and lack of an EAPOL_RSN_KEY;

SPOOLS component epan/dissectors/packet-dcerpc-spoolss.c mishandles unexpected offsets;

WBXML dissector epan/dissectors/packet-wbxml.c does not restrict the recursion depth;

MMSE, WAP, WBXML, and WSP dissectors epan/dissectors/packet-wap.c omits an overflow check in the tvb_get_guintvar function;

RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error;

LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations;

RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error;

LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations;

RLC dissector epan/dissectors/packet-rlc.c uses an incorrect integer data type;

NDS dissector epan/dissectors/packet-ncp2222.inc does not properly maintain a ptvc data structure;

CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options;

These vulnerabilities also related to PacketBB, WSP, MMSE dissectors and epan/proto.c;

Affected products

Wireshark 1.12 versions earlier than 1.12.13
Wireshark 2 versions earlier than 2.0.5

Solution

Update to the latest version
Wireshark download page

Original advisories

Wireshark security advisories

Impacts

?

DoS

[?]

CVSS ?	4.3
Detect date ?	08/06/2016
Severity ?	Warning
Description	Multiple different vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed packet or file. Technical details WBXML dissector epan/dissectors/packet-wbxml.c mishandles offsets; Ethernet dissector epan/dissectors/packet-pktap.c mishandles the packet-header data type; NetScreen file parser wiretap/netscreen.c mishandles sscanf unsigned-integer processing; CoSine file parser wiretap/cosine.c mishandles sscanf unsigned-integer; Toshiba file parser wiretap/toshiba.c mishandles sscanf unsigned-integer processing; USB subsystem mishandles class types; UMTS FP dissector epan/dissectors/packet-umts_fp.c mishandles the reserved C/T value; IEEE 802.11 dissector epan/crypt/airpdcap.c mishandles certain length values and lack of an EAPOL_RSN_KEY; SPOOLS component epan/dissectors/packet-dcerpc-spoolss.c mishandles unexpected offsets; WBXML dissector epan/dissectors/packet-wbxml.c does not restrict the recursion depth; MMSE, WAP, WBXML, and WSP dissectors epan/dissectors/packet-wap.c omits an overflow check in the tvb_get_guintvar function; RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error; LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations; RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error; LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations; RLC dissector epan/dissectors/packet-rlc.c uses an incorrect integer data type; NDS dissector epan/dissectors/packet-ncp2222.inc does not properly maintain a ptvc data structure; CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options; These vulnerabilities also related to PacketBB, WSP, MMSE dissectors and epan/proto.c;
Affected products	Wireshark 1.12 versions earlier than 1.12.13 Wireshark 2 versions earlier than 2.0.5
Solution	Update to the latest version Wireshark download page
Original advisories	Wireshark security advisories
Impacts ?	DoS [?]
Related products	Wireshark
CVE-IDS ?	CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6503 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 CVE-2016-6512 CVE-2016-6513