Vulnerability Details : CVE-2016-2527
wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.
Vulnerability category: OverflowInput validationDenial of service
Products affected by CVE-2016-2527
- cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2527
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2527
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2016-2527
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2527
-
http://www.securitytracker.com/id/1035118
Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service and Let Local Users Gain Elevated Privileges - SecurityTracker
-
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=140aad08e081489b5cdb715cb5bca01db856fded
code.wireshark Code Review - wireshark.git/commit
-
https://security.gentoo.org/glsa/201604-05
Wireshark: Multiple vulnerabilities (GLSA 201604-05) — Gentoo security
-
http://www.wireshark.org/security/wnpa-sec-2016-07.html
Wireshark · wnpa-sec-2016-07 · 3GPP TS 32.423 Trace file parser crashVendor Advisory
-
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982
11982 – Wireshark stack-based out-of-bounds read in nettrace_3gpp_32_423_file_openVendor Advisory
Jump to