Vulnerability Details : CVE-2016-2522
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2016-2522
- cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2522
0.76%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2522
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2016-2522
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2522
-
http://www.securitytracker.com/id/1035118
Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service and Let Local Users Gain Elevated Privileges - SecurityTracker
-
http://www.wireshark.org/security/wnpa-sec-2016-02.html
Wireshark · wnpa-sec-2016-02 · ASN.1 BER dissector crashVendor Advisory
-
https://security.gentoo.org/glsa/201604-05
Wireshark: Multiple vulnerabilities (GLSA 201604-05) — Gentoo security
-
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11828
11828 – Wireshark heap-based out-of-bounds read in dissect_ber_constrained_bitstringExploit;Vendor Advisory
-
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9b2f3f7c5c9205381cb72e42b66e97d8ed3abf63
code.wireshark Code Review - wireshark.git/commit
Jump to