5.9

CVE-2016-5356

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version1.12.0
WiresharkWireshark Version1.12.1
WiresharkWireshark Version1.12.2
WiresharkWireshark Version1.12.3
WiresharkWireshark Version1.12.4
WiresharkWireshark Version1.12.5
WiresharkWireshark Version1.12.6
WiresharkWireshark Version1.12.7
WiresharkWireshark Version1.12.8
WiresharkWireshark Version1.12.9
WiresharkWireshark Version1.12.10
WiresharkWireshark Version1.12.11
WiresharkWireshark Version2.0.0
WiresharkWireshark Version2.0.1
WiresharkWireshark Version2.0.2
WiresharkWireshark Version2.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.49% 0.826
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.debian.org/security/2016/dsa-3615
http://www.openwall.com/lists/oss-security/2016/06/09/3
Mailing List
http://www.securityfocus.com/bid/91140
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395
Issue Tracking
https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd
https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500
https://www.wireshark.org/security/wnpa-sec-2016-35.html
Vendor Advisory