Published: 17/11/2016 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 2.0.0
wireshark wireshark 2.0.4
wireshark wireshark 2.2.0
wireshark wireshark 2.0.1
wireshark wireshark 2.2.1
wireshark wireshark 2.0.7
wireshark wireshark 2.0.2
wireshark wireshark 2.0.3
wireshark wireshark 2.0.6
wireshark wireshark 2.0.5
debian debian linux 8.0

In Wireshark 220 to 221 and 200 to 207, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file This was addressed in epan/dissectors/packet-dcerpc-ntc and epan/dissectors/packet-dcerpc-spoolssc by using the wmem file scope for private strings ...

CWE-416 https://www.wireshark.org/security/wnpa-sec-2016-61.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13072 http://www.securityfocus.com/bid/94369 http://www.debian.org/security/2016/dsa-3719 http://www.securitytracker.com/id/1037313 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cc8e37f0f53c4401bb1644a34eddea345940a8df https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-9373

CVE-2016-9373

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect