5.9

CVE-2016-9372

In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version2.2.0
WiresharkWireshark Version2.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.09% 0.793
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/94368
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037313
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4127e3930ef663114567002001f44e01eba8a250
https://www.wireshark.org/security/wnpa-sec-2016-58.html
Vendor Advisory