Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6503 — Improper Input Validation in Wireshark

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

2.2%

top 15.69%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wireshark Debian Wireshark

Timeline

PublishedAug 6

Latest updateMay 17

Description

The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/wireshark

▶NVDwireshark/wireshark5 versions+4

🔴Vulnerability Details

GHSA

GHSA-92q6-c8gm-2php: The CORBA IDL dissectors in Wireshark 2↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service↗2016-08-03

▶

📋Vendor Advisories

Debian

CVE-2016-6503: wireshark - The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platfor...↗2016

▶