CVE-2016-9372

EPSS 0.38%
Veröffentlicht 17.11.2016 05:59:00
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version2.2.0

Wireshark ≫ Wireshark Version2.2.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.566

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/94368

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037313

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851

Issue Tracking

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4127e3930ef663114567002001f44e01eba8a250

https://www.wireshark.org/security/wnpa-sec-2016-58.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-9372

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9372

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9372

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-9372