CVE-2016-2530 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents6 sources
Severity
5.9MEDIUMNVD
EPSS
1.4%
top 19.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 28
Latest updateMay 17
Description
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6
Affected Packages3 packages
🔴Vulnerability Details
4GHSA
▶