Kaspersky ID:
KLA10851
Дата обнаружения:
06/08/2016
Обновлено:
22/01/2024

Описание

Multiple different vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed packet or file.


Technical details

WBXML dissector epan/dissectors/packet-wbxml.c mishandles offsets;

Ethernet dissector epan/dissectors/packet-pktap.c mishandles the packet-header data type;

NetScreen file parser wiretap/netscreen.c mishandles sscanf unsigned-integer processing;

CoSine file parser wiretap/cosine.c mishandles sscanf unsigned-integer;

Toshiba file parser wiretap/toshiba.c mishandles sscanf unsigned-integer processing;

USB subsystem mishandles class types;

UMTS FP dissector epan/dissectors/packet-umts_fp.c mishandles the reserved C/T value;

IEEE 802.11 dissector epan/crypt/airpdcap.c mishandles certain length values and lack of an EAPOL_RSN_KEY;

SPOOLS component epan/dissectors/packet-dcerpc-spoolss.c mishandles unexpected offsets;

WBXML dissector epan/dissectors/packet-wbxml.c does not restrict the recursion depth;

MMSE, WAP, WBXML, and WSP dissectors epan/dissectors/packet-wap.c omits an overflow check in the tvb_get_guintvar function;

RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error;

LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations;

RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error;

LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations;

RLC dissector epan/dissectors/packet-rlc.c uses an incorrect integer data type;

NDS dissector epan/dissectors/packet-ncp2222.inc does not properly maintain a ptvc data structure;

CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options;

These vulnerabilities also related to PacketBB, WSP, MMSE dissectors and epan/proto.c;

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

Список CVE

  • CVE-2016-5359
    warning
  • CVE-2016-5358
    warning
  • CVE-2016-5357
    warning
  • CVE-2016-5356
    warning
  • CVE-2016-5355
    warning
  • CVE-2016-5354
    warning
  • CVE-2016-5353
    warning
  • CVE-2016-5352
    warning
  • CVE-2016-5351
    warning
  • CVE-2016-5350
    warning
  • CVE-2016-6513
    warning
  • CVE-2016-6512
    warning
  • CVE-2016-6511
    warning
  • CVE-2016-6510
    warning
  • CVE-2016-6509
    warning
  • CVE-2016-6508
    warning
  • CVE-2016-6507
    warning
  • CVE-2016-6506
    warning
  • CVE-2016-6505
    warning
  • CVE-2016-6504
    warning
  • CVE-2016-6503
    warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.