Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA10867
Denial of service vulnerabilities in Wireshark

Updated: 05/22/2020
Detect date
?
 09/09/2016
Severity
?
 Warning
Description

Multiple vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed packet.

Technical details

These vulnerabilities related to multiple dissectors:

  1. epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector does not properly consider whether constant string
  2. Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector
  3. epan/dissectors/packet-umts_fp.c in the UMTS FP dissector does not properly handle memory allocation
  4. epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector does not restrict number of channels
  5. epan/dissectors/packet-h225.c in the H.225 dissector calls snprintf with one of its input buffers as the output buffer
  6. epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector mishandles MAC address data
Affected products

Wireshark 2 versions earlier than 2.0.6
Solution

Update to the latest version
Wireshark download page
Original advisories

Wireshark security advisories
Impacts
?
DoS 
[?]
Related products
 Wireshark
CVE-IDS
?
CVE-2016-71804.3Warning
CVE-2016-71794.3Warning
CVE-2016-71784.3Warning
CVE-2016-71774.3Warning
CVE-2016-71764.3Warning
CVE-2016-71754.3Warning
© 2021 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up