Published: 17/11/2016 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 2.0.0
wireshark wireshark 2.0.4
wireshark wireshark 2.2.0
wireshark wireshark 2.0.1
wireshark wireshark 2.2.1
wireshark wireshark 2.0.7
wireshark wireshark 2.0.2
wireshark wireshark 2.0.3
wireshark wireshark 2.0.6
wireshark wireshark 2.0.5
debian debian linux 8.0

In Wireshark 220 to 221 and 200 to 207, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file This was addressed in epan/dissectors/packet-alljoync by ensuring that a length variable properly tracked the state of a signature variable ...

CWE-119 CWE-399 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12953 https://www.wireshark.org/security/wnpa-sec-2016-59.html http://www.securityfocus.com/bid/94369 http://www.debian.org/security/2016/dsa-3719 http://www.securitytracker.com/id/1037313 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a5770b6559b6e6765c4ef800e85ae42781ea4900 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-9374

CVE-2016-9374

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect