Published: 17/11/2016 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 2.0.0
wireshark wireshark 2.0.4
wireshark wireshark 2.2.0
wireshark wireshark 2.0.1
wireshark wireshark 2.2.1
wireshark wireshark 2.0.7
wireshark wireshark 2.0.2
wireshark wireshark 2.0.3
wireshark wireshark 2.0.6
wireshark wireshark 2.0.5
debian debian linux 8.0

In Wireshark 220 to 221 and 200 to 207, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file This was addressed in epan/dissectors/packet-openflow_v5c by ensuring that certain length values were sufficiently large ...

CWE-399 https://www.wireshark.org/security/wnpa-sec-2016-60.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13071 http://www.securityfocus.com/bid/94369 http://www.debian.org/security/2016/dsa-3719 http://www.securitytracker.com/id/1037313 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f2a7af8d3928e18ef15778e63b9b6c78f8bd1bef https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-9376

CVE-2016-9376

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect