CVE-2016-9376 — Wireshark vulnerability

CWE-3996 documents6 sources

Severity

5.9MEDIUMNVD

EPSS

1.5%

top 18.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark Debian Linux

Timeline

PublishedNov 17

Latest updateMay 17

Description

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 2.2.2+g9c5aae3-1 (bookworm)

▶Debianwireshark/wireshark< 2.2.2+g9c5aae3-1+3

▶NVDwireshark/wireshark10 versions+9

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-c3r9-8878-x2vq: In Wireshark 2↗2022-05-17

▶

OSV

CVE-2016-9376: In Wireshark 2↗2016-11-17

▶

📋Vendor Advisories

Red Hat

wireshark: OpenFlow crash (wnpa-sec-2016-60)↗2016-11-16

▶

Debian

CVE-2016-9376: wireshark - In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could cra...↗2016

▶

💬Community

Bugzilla

CVE-2016-9376 wireshark: OpenFlow crash (wnpa-sec-2016-60)↗2016-11-18

▶