Denial of Service : Wireshark Multiple Denial of Service Vulnerabilities (May 2016)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.807575

Category: Denial of Service

Title: Wireshark Multiple Denial of Service Vulnerabilities (May 2016) - Windows

Summary: Wireshark is prone to multiple denial of service vulnerabilities.

Description: Summary:
Wireshark is prone to multiple denial of service vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- 'epan/dissectors/packet-ncp2222.inc' script in the NCP dissector does not
properly initialize memory for search patterns.

- 'epan/reassemble.c' script in TShark relies on incorrect special-case
handling of truncated Tvb data structures.

- 'epan/dissectors/packet-mswsp.c' script in the MS-WSP dissector does not
ensure that data is available before array allocation.

- An integer signedness error in 'epan/dissectors/packet-mswsp.c' script in
the MS-WSP dissector

Vulnerability Impact:
Successful exploitation will allow remote
attackers to conduct denial of service attack.

Affected Software/OS:
Wireshark version 2.0.x before 2.0.3
on Windows

Solution:
Upgrade to Wireshark version 2.0.3 or
later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-4084
http://www.securitytracker.com/id/1035685
Common Vulnerability Exposure (CVE) ID: CVE-2016-4083
Common Vulnerability Exposure (CVE) ID: CVE-2016-4077
https://code.google.com/p/google-security-research/issues/detail?id=651
Common Vulnerability Exposure (CVE) ID: CVE-2016-4076

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.807575
Category:	Denial of Service
Title:	Wireshark Multiple Denial of Service Vulnerabilities (May 2016) - Windows
Summary:	Wireshark is prone to multiple denial of service vulnerabilities.
Description:	Summary: Wireshark is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - 'epan/dissectors/packet-ncp2222.inc' script in the NCP dissector does not properly initialize memory for search patterns. - 'epan/reassemble.c' script in TShark relies on incorrect special-case handling of truncated Tvb data structures. - 'epan/dissectors/packet-mswsp.c' script in the MS-WSP dissector does not ensure that data is available before array allocation. - An integer signedness error in 'epan/dissectors/packet-mswsp.c' script in the MS-WSP dissector Vulnerability Impact: Successful exploitation will allow remote attackers to conduct denial of service attack. Affected Software/OS: Wireshark version 2.0.x before 2.0.3 on Windows Solution: Upgrade to Wireshark version 2.0.3 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4084 http://www.securitytracker.com/id/1035685 Common Vulnerability Exposure (CVE) ID: CVE-2016-4083 Common Vulnerability Exposure (CVE) ID: CVE-2016-4077 https://code.google.com/p/google-security-research/issues/detail?id=651 Common Vulnerability Exposure (CVE) ID: CVE-2016-4076
Copyright	Copyright (C) 2016 Greenbone AG