Kaspersky LabKLA10851KLA10851 Denial of service vulnerabilities in Wireshark
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.015 Low
EPSS
Percentile
87.0%
Multiple different vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via a specially designed packet or file.
Technical details
WBXML dissector epan/dissectors/packet-wbxml.c mishandles offsets;
Ethernet dissector epan/dissectors/packet-pktap.c mishandles the packet-header data type;
NetScreen file parser wiretap/netscreen.c mishandles sscanf unsigned-integer processing;
CoSine file parser wiretap/cosine.c mishandles sscanf unsigned-integer;
Toshiba file parser wiretap/toshiba.c mishandles sscanf unsigned-integer processing;
USB subsystem mishandles class types;
UMTS FP dissector epan/dissectors/packet-umts_fp.c mishandles the reserved C/T value;
IEEE 802.11 dissector epan/crypt/airpdcap.c mishandles certain length values and lack of an EAPOL_RSN_KEY;
SPOOLS component epan/dissectors/packet-dcerpc-spoolss.c mishandles unexpected offsets;
WBXML dissector epan/dissectors/packet-wbxml.c does not restrict the recursion depth;
MMSE, WAP, WBXML, and WSP dissectors epan/dissectors/packet-wap.c omits an overflow check in the tvb_get_guintvar function;
RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error;
LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations;
RLC dissector epan/dissectors/packet-rlc.c contains Off-by-one error;
LDSS dissector epan/dissectors/packet-ldss.c mishandles conversations;
RLC dissector epan/dissectors/packet-rlc.c uses an incorrect integer data type;
NDS dissector epan/dissectors/packet-ncp2222.inc does not properly maintain a ptvc data structure;
CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options;
These vulnerabilities also related to PacketBB, WSP, MMSE dissectors and epan/proto.c;
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
CVE-2016-5359 warning
CVE-2016-5358 warning
CVE-2016-5357 warning
CVE-2016-5356 warning
CVE-2016-5355 warning
CVE-2016-5354 warning
CVE-2016-5353 warning
CVE-2016-5352 warning
CVE-2016-5351 warning
CVE-2016-5350 warning
CVE-2016-6513 warning
CVE-2016-6512 warning
CVE-2016-6511 warning
CVE-2016-6510 warning
CVE-2016-6509 warning
CVE-2016-6508 warning
CVE-2016-6507 warning
CVE-2016-6506 warning
CVE-2016-6505 warning
CVE-2016-6504 warning
CVE-2016-6503 warning
Solution
Update to the latest version
Impacts
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Wireshark 1.12 versions earlier than 1.12.13Wireshark 2 versions earlier than 2.0.5
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.015 Low
EPSS
Percentile
87.0%