fkie_cve-2016-5357
Vulnerability from fkie_nvd
Published
2016-08-07 16:59
Modified
2025-04-12 10:46
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
References
cve@mitre.orghttp://www.debian.org/security/2016/dsa-3615
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2016/06/09/3Mailing List
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/91140
cve@mitre.orghttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396Issue Tracking
cve@mitre.orghttps://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82
cve@mitre.orghttps://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78
cve@mitre.orghttps://www.wireshark.org/security/wnpa-sec-2016-36.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3615
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/06/09/3Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/91140
af854a3a-2127-422b-91ae-364da2661108https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82
af854a3a-2127-422b-91ae-364da2661108https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78
af854a3a-2127-422b-91ae-364da2661108https://www.wireshark.org/security/wnpa-sec-2016-36.htmlVendor Advisory
Impacted products
Vendor Product Version
wireshark wireshark 1.12.0
wireshark wireshark 1.12.1
wireshark wireshark 1.12.2
wireshark wireshark 1.12.3
wireshark wireshark 1.12.4
wireshark wireshark 1.12.5
wireshark wireshark 1.12.6
wireshark wireshark 1.12.7
wireshark wireshark 1.12.8
wireshark wireshark 1.12.9
wireshark wireshark 1.12.10
wireshark wireshark 1.12.11
wireshark wireshark 2.0.0
wireshark wireshark 2.0.1
wireshark wireshark 2.0.2
wireshark wireshark 2.0.3
oracle solaris 11.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AC5E99-9C21-4C2E-AE68-A4B887318577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B90C8934-01D8-4027-8A38-0B3230CC5077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49C89A62-69E2-40C5-9C75-FA6601A935A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1946DDC9-E49F-4601-8448-E73B0480C880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2F85560-F43E-46C5-9CD1-1A1D66E21580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2518D86A-623D-431E-9574-32B677D5FB94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA2B085-01D2-4707-A9F7-6545E4D6D99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4BBF1A-4303-456C-AD19-F5BCF6FDD76B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3D5FFB-1A09-4A06-8E83-DF72E39E1891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "94DC7821-59C4-4BD7-BDCA-D0319B209010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D31D86-1402-472B-8318-245A0CC034AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:1.12.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8281E6C3-7A2B-41E1-99A4-A423FEE11064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E2A443-32DB-4C8B-8D2D-AE4F80A154A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF0B55F-A412-48E2-9047-7CCA8442766D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C45C7F24-9B97-4FF6-AFE8-102EDA0B26D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BE013B-8615-49DB-939E-B7E289171467",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file."
    },
    {
      "lang": "es",
      "value": "wiretap/netscreen.c en el analizador de archivo NetScreen en Wireshark 1.12.x en versiones anteriores a 1.12.12 y 2.x en versiones anteriores a 2.0.4 no maneja correctamente procesamiento sin signo de entero sscanf, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo manipulado."
    }
  ],
  "id": "CVE-2016-5357",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-07T16:59:12.127",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2016/dsa-3615"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/06/09/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/91140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.wireshark.org/security/wnpa-sec-2016-36.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/06/09/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/91140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.wireshark.org/security/wnpa-sec-2016-36.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.