CVE-2016-2527

EPSS 0.19%
Published 28.02.2016 04:59:06
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version2.0.0

Wireshark ≫ Wireshark Version2.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.406

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201604-05

http://www.securitytracker.com/id/1035118

http://www.wireshark.org/security/wnpa-sec-2016-07.html

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982

Vendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=140aad08e081489b5cdb715cb5bca01db856fded

https://nvd.nist.gov/vuln/detail/CVE-2016-2527

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2527

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2527

EUVD