CVE-2016-9374 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-3996 documents6 sources

Severity

5.9MEDIUMNVD

EPSS

1.2%

top 20.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark Debian Linux

Timeline

PublishedNov 17

Latest updateMay 17

Description

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 2.2.2+g9c5aae3-1 (bookworm)

▶Debianwireshark/wireshark< 2.2.2+g9c5aae3-1+3

▶NVDwireshark/wireshark10 versions+9

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-6vw8-w3q3-4cmf: In Wireshark 2↗2022-05-17

▶

OSV

CVE-2016-9374: In Wireshark 2↗2016-11-17

▶

📋Vendor Advisories

Red Hat

wireshark: AllJoyn crash (wnpa-sec-2016-59)↗2016-11-16

▶

Debian

CVE-2016-9374: wireshark - In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could cras...↗2016

▶

💬Community

Bugzilla

CVE-2016-9374 wireshark: AllJoyn crash (wnpa-sec-2016-59)↗2016-11-18

▶