CVE-2016-4085Improper Input Validation in Wireshark

CWE-20Improper Input Validation9 documents7 sources
Severity
5.9MEDIUMNVD
EPSS
0.9%
top 24.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WiresharkDebian LinuxOracle Solaris
Timeline
PublishedApr 25
Latest updateMay 17

Description

Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

Debianwireshark/wireshark< 2.0.0~rc2+g74e5b56-1+3
NVDwireshark/wireshark14 versions+13
NVDoracle/solaris11.3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-7854-7w99-q6gp: Stack-based buffer overflow in epan/dissectors/packet-ncp22222022-05-17
OSV
CVE-2016-4085: Stack-based buffer overflow in epan/dissectors/packet-ncp22222016-04-25
CVEList
CVE-2016-4085: Stack-based buffer overflow in epan/dissectors/packet-ncp22222016-04-25

📋Vendor Advisories

2
Red Hat
wireshark: NCP dissector crash (wnpa-sec-2016-28)2016-04-22
Debian
CVE-2016-4085: wireshark - Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dis...2016

💬Community

2
Bugzilla
CVE-2016-4085 wireshark: NCP dissector crash (wnpa-sec-2016-28)2016-04-25
Bugzilla
CVE-2016-4006 CVE-2016-4078 CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 CVE-2016-4085 wireshark: various flaws [fedora-all]2016-04-25
CVE-2016-4085 — Improper Input Validation in Wireshark | cvebase