5.9

CVE-2016-9374

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version2.0.0
WiresharkWireshark Version2.0.1
WiresharkWireshark Version2.0.2
WiresharkWireshark Version2.0.3
WiresharkWireshark Version2.0.4
WiresharkWireshark Version2.0.5
WiresharkWireshark Version2.0.6
WiresharkWireshark Version2.0.7
WiresharkWireshark Version2.2.0
WiresharkWireshark Version2.2.1
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.6% 0.727
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securitytracker.com/id/1037313
http://www.debian.org/security/2016/dsa-3719
Third Party Advisory
http://www.securityfocus.com/bid/94369
Third Party Advisory
VDB Entry
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12953
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a5770b6559b6e6765c4ef800e85ae42781ea4900
https://www.wireshark.org/security/wnpa-sec-2016-59.html
Vendor Advisory