SB2016022801 - Multiple vulnerabilities in Wireshark
Published: February 28, 2016 Updated: March 24, 2022
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2016-4420)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
2) Resource management error (CVE-ID: CVE-2016-4419)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
3) Out-of-bounds read (CVE-ID: CVE-2016-4416)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2, which mishandles the Grouping subfield. A remote attacker can perform a denial of service (buffer over-read and application crash) via a crafted packet.
4) Heap-based buffer overflow (CVE-ID: CVE-2016-4415)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2, which incorrectly increases a certain octet count. A remote attacker can use a crafted file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Out-of-bounds read (CVE-ID: CVE-2016-2529)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within wiretap/iseries.c in the iSeries file parser. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the affected application.
6) Stack-based buffer overflow (CVE-ID: CVE-2016-2527)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a crafted file. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Stack-based buffer overflow (CVE-ID: CVE-2016-2528)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector when processing a crafted packet. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
8) Input validation error (CVE-ID: CVE-2016-2526)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
9) Input validation error (CVE-ID: CVE-2016-2525)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
10) Input validation error (CVE-ID: CVE-2016-2524)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
11) Out-of-bounds read (CVE-ID: CVE-2016-2522)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within epan/dissectors/packet-ber.c in the ASN.1 BER dissector. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the affected application.
Remediation
Install the update from the vendor's website.
References
- https://www.wireshark.org/security/wnpa-sec-2016-17.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12151
- https://www.wireshark.org/security/wnpa-sec-2016-16.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11818
- https://www.wireshark.org/security/wnpa-sec-2016-13.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11795
- https://code.google.com/p/google-security-research/issues/detail?id=647
- https://www.wireshark.org/security/wnpa-sec-2016-12.html
- http://www.securitytracker.com/id/1035118
- http://www.wireshark.org/security/wnpa-sec-2016-09.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11985
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=96d585a5e9baef21e1eea8505d78305b034dc80e
- https://security.gentoo.org/glsa/201604-05
- http://www.wireshark.org/security/wnpa-sec-2016-07.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=140aad08e081489b5cdb715cb5bca01db856fded
- http://www.wireshark.org/security/wnpa-sec-2016-08.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c090e929269a78bf7a4cb3dc0d34565f4351312
- http://www.wireshark.org/security/wnpa-sec-2016-06.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11983
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69a679cc3a9c087064b7e9521b9e9f3c40dd0b72
- http://www.wireshark.org/security/wnpa-sec-2016-05.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12077
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6a47ac7624993b99966e1d813245ffb419a2d201
- http://www.wireshark.org/security/wnpa-sec-2016-04.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12002
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5a8020a1b6bb73fcb8bb7eb7d53177bc8a9fc703
- http://www.wireshark.org/security/wnpa-sec-2016-02.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11828
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9b2f3f7c5c9205381cb72e42b66e97d8ed3abf63