Description
The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · text · dos · multiple
https://www.exploit-db.com/exploits/39076
References (8)
Core References
Patch x_refsource_confirm
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=53a3e53fce30523d11ab3df319fba7b75d63076f
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3505
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/79814
Issue Tracking x_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201604-05
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/security/wnpa-sec-2015-51.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034551
Scores
CVSS v3: 5.5
EPSS: 0.0163
EPSS Percentile: 82.0%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE: CWE-20
Status: published
Products (10)
wireshark/wireshark 1.12.0
wireshark/wireshark 1.12.1
wireshark/wireshark 1.12.2
wireshark/wireshark 1.12.3
wireshark/wireshark 1.12.4
wireshark/wireshark 1.12.5
wireshark/wireshark 1.12.6
wireshark/wireshark 1.12.7
wireshark/wireshark 1.12.8
wireshark/wireshark 2.0.0
Published: Jan 04, 2016
Tracked Since: Feb 18, 2026