5.9

CVE-2016-6504

epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version1.12.0
WiresharkWireshark Version1.12.1
WiresharkWireshark Version1.12.2
WiresharkWireshark Version1.12.3
WiresharkWireshark Version1.12.4
WiresharkWireshark Version1.12.5
WiresharkWireshark Version1.12.6
WiresharkWireshark Version1.12.7
WiresharkWireshark Version1.12.8
WiresharkWireshark Version1.12.9
WiresharkWireshark Version1.12.10
WiresharkWireshark Version1.12.11
WiresharkWireshark Version1.12.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.59% 0.93
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://openwall.com/lists/oss-security/2016/07/28/3
Mailing List
http://www.securitytracker.com/id/1036480
http://www.debian.org/security/2016/dsa-3648
http://www.securityfocus.com/bid/92164
http://www.wireshark.org/security/wnpa-sec-2016-40.html
Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9eacbb4d48df647648127b9258f9e5aeeb0c7d99
https://www.exploit-db.com/exploits/40194/