KLA10867
Denial of service vulnerabilities in Wireshark
Updated: 11/06/2018
CVSS: 4.3
Detect date: 09/09/2016
Severity: Warning
Description

Multiple vulnerabilities were found in Wireshark. By exploiting these vulnerabilities, malicious users can cause a denial of service. The vulnerabilities can be exploited remotely via a specially crafted packet.


Technical details

These vulnerabilities relate to multiple dissectors:

  1. epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector does not properly consider whether constant string
  2. Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector
  3. epan/dissectors/packet-umts_fp.c in the UMTS FP dissector does not properly handle memory allocation
  4. epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector does not restrict the number of channels
  5. epan/dissectors/packet-h225.c in the H.225 dissector calls snprintf with one of its input buffers as the output buffer
  6. epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector mishandles MAC address data
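
Item 5 describes snprintf being called with its output buffer also passed as one of its inputs. The C code below is an added example, not Wireshark source and not part of the original advisory; it shows that pattern (compiled out) beside an append helper that never lets an argument overlap the destination. The names append_aliased and append_field and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Pattern named in item 5 (constructed illustration, kept out of the build):
 * buf is both the destination and a "%s" argument. The C standard leaves
 * snprintf undefined when source and destination objects overlap. */
#if 0
static void append_aliased(char *buf, size_t size, const char *extra)
{
    snprintf(buf, size, "%s, %s", buf, extra);
}
#endif

/* Hardened form: format only into the unused tail of buf, so no argument
 * overlaps the output. Returns 0 on success, -1 on invalid arguments or
 * truncation. buf is always left NUL-terminated. */
static int append_field(char *buf, size_t size, const char *sep, const char *extra)
{
    const char *end;
    size_t used;
    int n;

    if (buf == NULL || size == 0 || sep == NULL || extra == NULL)
        return -1;
    end = memchr(buf, '\0', size);
    if (end == NULL) {            /* buf was not terminated: repair and fail */
        buf[size - 1] = '\0';
        return -1;
    }
    used = (size_t)(end - buf);
    n = snprintf(buf + used, size - used, "%s%s", used ? sep : "", extra);
    if (n < 0) {                  /* encoding error: restore previous content */
        buf[used] = '\0';
        return -1;
    }
    return ((size_t)n >= size - used) ? -1 : 0;   /* -1 means truncated */
}

int main(void)
{
    char info[16] = "Setup";      /* constructed sample values */
    int rc1 = append_field(info, sizeof info, ", ", "H.245");
    int rc2 = append_field(info, sizeof info, ", ", "a-long-alias-string");
    printf("%d %d \"%s\"\n", rc1, rc2, info);
    return 0;
}
```
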

Affected products

Wireshark 2 versions earlier than 2.0.6

Solution

Update to the latest version
Wireshark download page

Original advisories

Wireshark security advisories

Impacts
DoS 
Related products
Wireshark
CVE-IDS

CVE-2016-7180
CVE-2016-7179
CVE-2016-7178
CVE-2016-7177
CVE-2016-7176
CVE-2016-7175