KLA10867
Denial of service vulnerabilities in Wireshark
Updated: 06/01/2019
Detect date
09/09/2016
Severity
Warning
Description

Multiple vulnerabilities were found in Wireshark. By exploiting these vulnerabilities, malicious users can cause a denial of service. The vulnerabilities can be exploited remotely via a specially crafted packet.


Technical details

These vulnerabilities are related to multiple dissectors:

  1. epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector does not properly consider whether constant string
  2. Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector
  3. epan/dissectors/packet-umts_fp.c in the UMTS FP dissector does not properly handle memory allocation
  4. epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector does not restrict the number of channels
  5. epan/dissectors/packet-h225.c in the H.225 dissector calls snprintf with one of its input buffers as the output buffer
  6. epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector mishandles MAC address data
Affected products

Wireshark 2 versions earlier than 2.0.6

Solution

Update to the latest version
Wireshark download page

Original advisories

Wireshark security advisories

Impacts
DoS
Related products
Wireshark
CVE-IDS
CVE-2016-7180 4.3 Warning
CVE-2016-7179 4.3 Warning
CVE-2016-7178 4.3 Warning
CVE-2016-7177 4.3 Warning
CVE-2016-7176 4.3 Warning
CVE-2016-7175 4.3 Warning