fkie_cve-2016-9376
Vulnerability from fkie_nvd
Published
2016-11-17 05:59
Modified
2025-04-12 10:46
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.
References
cve@mitre.orghttp://www.debian.org/security/2016/dsa-3719Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/94369Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1037313
cve@mitre.orghttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13071Issue Tracking
cve@mitre.orghttps://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f2a7af8d3928e18ef15778e63b9b6c78f8bd1bef
cve@mitre.orghttps://www.wireshark.org/security/wnpa-sec-2016-60.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3719Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94369Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037313
af854a3a-2127-422b-91ae-364da2661108https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13071Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f2a7af8d3928e18ef15778e63b9b6c78f8bd1bef
af854a3a-2127-422b-91ae-364da2661108https://www.wireshark.org/security/wnpa-sec-2016-60.htmlVendor Advisory
Impacted products
Vendor Product Version
wireshark wireshark 2.0.0
wireshark wireshark 2.0.1
wireshark wireshark 2.0.2
wireshark wireshark 2.0.3
wireshark wireshark 2.0.4
wireshark wireshark 2.0.5
wireshark wireshark 2.0.6
wireshark wireshark 2.0.7
wireshark wireshark 2.2.0
wireshark wireshark 2.2.1
debian debian_linux 8.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E2A443-32DB-4C8B-8D2D-AE4F80A154A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF0B55F-A412-48E2-9047-7CCA8442766D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C45C7F24-9B97-4FF6-AFE8-102EDA0B26D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BE013B-8615-49DB-939E-B7E289171467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB30F17-A41A-4F09-977F-AB91E509247E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D900BA83-D5D3-4A8D-8C32-D135A3E5190E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A630396B-1D60-4C45-9A45-F15E542B1C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A6D9AC-17D2-4A8F-A32A-23E8854D5514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F65580-D1F4-4ABC-A358-545BF29D8089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6568A81-BE0B-4AEF-808C-74CD0C2EE9FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large."
    },
    {
      "lang": "es",
      "value": "En Wireshark 2.2.0 hasta la versi\u00f3n 2.2.1 y 2.0.0 hasta la versi\u00f3n 2.0.7, el disector OpenFlow podr\u00eda caerse con agotamiento de memoria, provocado por tr\u00e1fico de red o un archivo de captura. Esto fue abordado en epan/dissectors/packet-openflow_v5.c asegurando que ciertos valores de longitud fueran suficientemente grandes."
    }
  ],
  "id": "CVE-2016-9376",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-17T05:59:05.210",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3719"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94369"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1037313"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13071"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f2a7af8d3928e18ef15778e63b9b6c78f8bd1bef"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.wireshark.org/security/wnpa-sec-2016-60.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f2a7af8d3928e18ef15778e63b9b6c78f8bd1bef"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.wireshark.org/security/wnpa-sec-2016-60.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.