CVE-2016-9375 — Improper Input Validation in Wireshark

CWE-20 — Improper Input Validation CWE-3996 documents6 sources

Severity

5.9MEDIUMNVD

EPSS

1.5%

top 18.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark Debian Linux

Timeline

PublishedNov 17

Latest updateMay 17

Description

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 2.2.2+g9c5aae3-1 (bookworm)

▶Debianwireshark/wireshark< 2.2.2+g9c5aae3-1+3

▶NVDwireshark/wireshark10 versions+9

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-v8rx-p8p8-52fx: In Wireshark 2↗2022-05-17

▶

OSV

CVE-2016-9375: In Wireshark 2↗2016-11-17

▶

📋Vendor Advisories

Red Hat

wireshark: DTN infinite loop (wnpa-sec-2016-62)↗2016-11-16

▶

Debian

CVE-2016-9375: wireshark - In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into ...↗2016

▶

💬Community

Bugzilla

CVE-2016-9375 wireshark: DTN infinite loop (wnpa-sec-2016-62)↗2016-11-18

▶