English
Russian
Japanese
LatAm
Türkiye
Brasil
France
Český
Deutschland
KLA10851
Denial of service vulnerabilities in Wireshark
|
Дата обнаружения
|
06/08/2016 |
|
Уровень угрозы
|
Warning |
|
Описание
|
Multiple different vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed packet or file. Technical details WBXML dissector epan/dissectors/packet-wbxml.c mishandles offsets; Ethernet dissector epan/dissectors/packet-pktap.c mishandles the packet-header data type; NetScreen file parser wiretap/netscreen.c mishandles sscanf unsigned-integer processing; CoSine file parser wiretap/cosine.c mishandles sscanf unsigned-integer; Toshiba file parser wiretap/toshiba.c mishandles sscanf unsigned-integer processing; USB subsystem mishandles class types; UMTS FP dissector epan/dissectors/packet-umts_fp.c mishandles the reserved C/T value; IEEE 802.11 dissector epan/crypt/airpdcap.c mishandles certain length values and lack of an EAPOL_RSN_KEY; SPOOLS component epan/dissectors/packet-dcerpc-spoolss.c mishandles unexpected offsets; WBXML dissector epan/dissectors/packet-wbxml.c does not restrict the recursion depth; MMSE, WAP, WBXML, and WSP dissectors epan/dissectors/packet-wap.c omits an overflow check in the tvb_get_guintvar function; RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error; LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations; RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error; LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations; RLC dissector epan/dissectors/packet-rlc.c uses an incorrect integer data type; NDS dissector epan/dissectors/packet-ncp2222.inc does not properly maintain a ptvc data structure; CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options; These vulnerabilities also related to PacketBB, WSP, MMSE dissectors and epan/proto.c; |
|
Пораженные продукты
|
Wireshark 1.12 versions earlier than 1.12.13 |
|
Решение
|
Update to the latest version |
|
Первичный источник обнаружения
|
Wireshark security advisories |
|
Оказываемое влияние
?
|
DoS
[?]
|
|
Связанные продукты
|
Wireshark |
|
CVE-IDS
|
CVE-2016-53594.3Warning
CVE-2016-53584.3Warning CVE-2016-53574.3Warning CVE-2016-53564.3Warning CVE-2016-53554.3Warning CVE-2016-53544.3Warning CVE-2016-53534.3Warning CVE-2016-53524.3Warning CVE-2016-53514.3Warning CVE-2016-53504.3Warning CVE-2016-65134.3Warning CVE-2016-65124.3Warning CVE-2016-65114.3Warning CVE-2016-65104.3Warning CVE-2016-65094.3Warning CVE-2016-65084.3Warning CVE-2016-65074.3Warning CVE-2016-65064.3Warning CVE-2016-65054.3Warning CVE-2016-65044.3Warning CVE-2016-65034.3Warning |
|
Эксплуатация
|
The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/40195 https://www.exploit-db.com/exploits/40197 |