wireshark -- multiple vulnerabilities

2016-04-2200:00:00

vuxml.freebsd.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.008 Low

EPSS

Percentile

81.9%

JSON

Wireshark development team reports:

The following vulnerabilities have been fixed:

wnpa-sec-2016-19
The NCP dissector could crash. (Bug 11591)
wnpa-sec-2016-20
TShark could crash due to a packet reassembly bug. (Bug 11799)

wnpa-sec-2016-21
The IEEE 802.11 dissector could crash. (Bug 11824, Bug 12187)

wnpa-sec-2016-22
The PKTC dissector could crash. (Bug 12206)
wnpa-sec-2016-23
The PKTC dissector could crash. (Bug 12242)
wnpa-sec-2016-24
The IAX2 dissector could go into an infinite loop. (Bug
12260)
wnpa-sec-2016-25
Wireshark and TShark could exhaust the stack. (Bug 12268)

wnpa-sec-2016-26
The GSM CBCH dissector could crash. (Bug 12278)
wnpa-sec-2016-27
MS-WSP dissector crash. (Bug 12341)

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchwireshark< 2.0.3UNKNOWN
FreeBSDanynoarchwireshark-lite< 2.0.3UNKNOWN
FreeBSDanynoarchwireshark-qt5< 2.0.3UNKNOWN
FreeBSDanynoarchtshark< 2.0.3UNKNOWN
FreeBSDanynoarchtshark-lite< 2.0.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	wireshark	< 2.0.3	UNKNOWN
FreeBSD	any	noarch	wireshark-lite	< 2.0.3	UNKNOWN
FreeBSD	any	noarch	wireshark-qt5	< 2.0.3	UNKNOWN
FreeBSD	any	noarch	tshark	< 2.0.3	UNKNOWN
FreeBSD	any	noarch	tshark-lite	< 2.0.3	UNKNOWN