CVE-2016-6512

EPSS 1.89%
Published 06.08.2016 23:59:12
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.

Affected products Warnungen 0 Metrics 3 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version2.0.0

Wireshark ≫ Wireshark Version2.0.1

Wireshark ≫ Wireshark Version2.0.2

Wireshark ≫ Wireshark Version2.0.3

Wireshark ≫ Wireshark Version2.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.89%	0.824

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://openwall.com/lists/oss-security/2016/07/28/3

Mailing List

http://www.securitytracker.com/id/1036480

http://www.securityfocus.com/bid/92174

http://www.wireshark.org/security/wnpa-sec-2016-48.html

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661

Issue Tracking

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2193bea3212d74e2a907152055e27d409b59485e

https://www.exploit-db.com/exploits/40195/

https://nvd.nist.gov/vuln/detail/CVE-2016-6512

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6512

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6512

EUVD