5.9

CVE-2016-5359

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version1.12.0
WiresharkWireshark Version1.12.1
WiresharkWireshark Version1.12.2
WiresharkWireshark Version1.12.3
WiresharkWireshark Version1.12.4
WiresharkWireshark Version1.12.5
WiresharkWireshark Version1.12.6
WiresharkWireshark Version1.12.7
WiresharkWireshark Version1.12.8
WiresharkWireshark Version1.12.9
WiresharkWireshark Version1.12.10
WiresharkWireshark Version1.12.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.61% 0.834
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.debian.org/security/2016/dsa-3615
http://www.openwall.com/lists/oss-security/2016/06/09/3
Mailing List
http://www.securityfocus.com/bid/91140
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12408
VDB Entry
Issue Tracking
https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0
https://www.wireshark.org/security/wnpa-sec-2016-38.html
Vendor Advisory