Detect date
?
|
08/06/2016 |
Severity
?
|
Warning |
Description
|
Multiple different vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed packet or file. Technical details WBXML dissector epan/dissectors/packet-wbxml.c mishandles offsets; Ethernet dissector epan/dissectors/packet-pktap.c mishandles the packet-header data type; NetScreen file parser wiretap/netscreen.c mishandles sscanf unsigned-integer processing; CoSine file parser wiretap/cosine.c mishandles sscanf unsigned-integer; Toshiba file parser wiretap/toshiba.c mishandles sscanf unsigned-integer processing; USB subsystem mishandles class types; UMTS FP dissector epan/dissectors/packet-umts_fp.c mishandles the reserved C/T value; IEEE 802.11 dissector epan/crypt/airpdcap.c mishandles certain length values and lack of an EAPOL_RSN_KEY; SPOOLS component epan/dissectors/packet-dcerpc-spoolss.c mishandles unexpected offsets; WBXML dissector epan/dissectors/packet-wbxml.c does not restrict the recursion depth; MMSE, WAP, WBXML, and WSP dissectors epan/dissectors/packet-wap.c omits an overflow check in the tvb_get_guintvar function; RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error; LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations; RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error; LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations; RLC dissector epan/dissectors/packet-rlc.c uses an incorrect integer data type; NDS dissector epan/dissectors/packet-ncp2222.inc does not properly maintain a ptvc data structure; CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options; These vulnerabilities also related to PacketBB, WSP, MMSE dissectors and epan/proto.c; |
Affected products
|
Wireshark 1.12 versions earlier than 1.12.13 |
Solution
|
Update to the latest version |
Original advisories
|
|
Impacts
?
|
DoS [?] |
Related products
|
Wireshark |
CVE-IDS
?
|
CVE-2016-53594.3Warning
CVE-2016-53584.3Warning CVE-2016-53574.3Warning CVE-2016-53564.3Warning CVE-2016-53554.3Warning CVE-2016-53544.3Warning CVE-2016-53534.3Warning CVE-2016-53524.3Warning CVE-2016-53514.3Warning CVE-2016-53504.3Warning CVE-2016-65134.3Warning CVE-2016-65124.3Warning CVE-2016-65114.3Warning CVE-2016-65104.3Warning CVE-2016-65094.3Warning CVE-2016-65084.3Warning CVE-2016-65074.3Warning CVE-2016-65064.3Warning CVE-2016-65054.3Warning CVE-2016-65044.3Warning CVE-2016-65034.3Warning |
Exploitation
|
The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/40195 https://www.exploit-db.com/exploits/40197 |
Find out the statistics of the vulnerabilities spreading in your region |