KLA10851
Denial of service vulnerabilities in Wireshark
Updated: 08/25/2016
CVSS
?
4.3
Detect date
?
08/06/2016
Severity
?
Warning
Description

Multiple different vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed packet or file.


Technical details

WBXML dissector epan/dissectors/packet-wbxml.c mishandles offsets;

Ethernet dissector epan/dissectors/packet-pktap.c mishandles the packet-header data type;

NetScreen file parser wiretap/netscreen.c mishandles sscanf unsigned-integer processing;

CoSine file parser wiretap/cosine.c mishandles sscanf unsigned-integer;

Toshiba file parser wiretap/toshiba.c mishandles sscanf unsigned-integer processing;

USB subsystem mishandles class types;

UMTS FP dissector epan/dissectors/packet-umts_fp.c mishandles the reserved C/T value;

IEEE 802.11 dissector epan/crypt/airpdcap.c mishandles certain length values and lack of an EAPOL_RSN_KEY;

SPOOLS component epan/dissectors/packet-dcerpc-spoolss.c mishandles unexpected offsets;

WBXML dissector epan/dissectors/packet-wbxml.c does not restrict the recursion depth;

MMSE, WAP, WBXML, and WSP dissectors epan/dissectors/packet-wap.c omits an overflow check in the tvb_get_guintvar function;

RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error;

LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations;

RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error;

LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations;

RLC dissector epan/dissectors/packet-rlc.c uses an incorrect integer data type;

NDS dissector epan/dissectors/packet-ncp2222.inc does not properly maintain a ptvc data structure;

CORBA IDL dissectors  in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options;

These vulnerabilities also related to PacketBB, WSP, MMSE dissectors and epan/proto.c;

Affected products

Wireshark 1.12 versions earlier than 1.12.13
Wireshark 2 versions earlier than 2.0.5

Solution

Update to the latest version
Wireshark download page

Original advisories

Wireshark security advisories

Impacts
?
DoS 
[?]
Related products
Wireshark
CVE-IDS
?

CVE-2016-5350
CVE-2016-5351
CVE-2016-5352
CVE-2016-5353
CVE-2016-5354
CVE-2016-5355
CVE-2016-5356
CVE-2016-5357
CVE-2016-5358
CVE-2016-5359
CVE-2016-6503
CVE-2016-6504
CVE-2016-6505
CVE-2016-6506
CVE-2016-6507
CVE-2016-6508
CVE-2016-6509
CVE-2016-6510
CVE-2016-6511
CVE-2016-6512
CVE-2016-6513