CVE-2016-5351Improper Input Validation in Wireshark

CWE-20Improper Input Validation12 documents7 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 48.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WiresharkDebian WiresharkApache Tomcat
Timeline
PublishedAug 7
Latest updateMay 17

Description

epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

debiandebian/wireshark< wireshark 2.0.4+gdd7746e-1 (bookworm)
Debianwireshark/wireshark< 2.0.4+gdd7746e-1+3
NVDwireshark/wireshark16 versions+15
apacheapache/tomcat

🔴Vulnerability Details

2
GHSA
GHSA-mqc6-qfm4-6pwr: epan/crypt/airpdcap2022-05-17
OSV
CVE-2016-5351: epan/crypt/airpdcap2016-08-07

📋Vendor Advisories

3
Red Hat
wireshark: IEEE 802.11 dissector crash (wnpa-sec-2016-30)2016-06-07
Debian
CVE-2016-5351: wireshark - epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1....2016
Apache
Apache tomcat: CVE-2015-5351

💬Community

3
Bugzilla
CVE-2016-5351 wireshark: IEEE 802.11 dissector crash (wnpa-sec-2016-30)2016-06-08
Bugzilla
CVE-2016-5350 CVE-2016-5351 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5359 wireshark: various flaws [fedora-all]2016-06-08
Bugzilla
CVE-2015-5351 tomcat: CSRF token leak2016-02-23