5.9

CVE-2016-5354

The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Data is provided by the National Vulnerability Database (NVD)
WiresharkWireshark Version1.12.0
WiresharkWireshark Version1.12.1
WiresharkWireshark Version1.12.2
WiresharkWireshark Version1.12.3
WiresharkWireshark Version1.12.4
WiresharkWireshark Version1.12.5
WiresharkWireshark Version1.12.6
WiresharkWireshark Version1.12.7
WiresharkWireshark Version1.12.8
WiresharkWireshark Version1.12.9
WiresharkWireshark Version1.12.10
WiresharkWireshark Version1.12.11
WiresharkWireshark Version2.0.0
WiresharkWireshark Version2.0.1
WiresharkWireshark Version2.0.2
WiresharkWireshark Version2.0.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.36% 0.576
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.