Vulnerability Details : CVE-2016-6503
The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2016-6503
- cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6503
1.51%: probability of exploitation activity in the next 30 days
~85%: percentile, i.e. the proportion of scored vulnerabilities whose EPSS score is at or below this one
EPSS Score History
CVSS scores for CVE-2016-6503
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | 
5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 | NIST | 
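The two NVD rows above can be checked rather than taken on trust. The following is an added example (not code from this page or from NVD): a small CVSS v2 and v3.0 base-score calculator that parses the two vector strings in the table and re-derives the base, exploitability and impact sub-scores NVD lists. The formulas are the published CVSS v2 and v3.0 base equations; the function names (parse_vector, cvss2, cvss3, severity) are this example's own.

```python
"""Re-derive the NVD CVSS v2 and v3.0 scores for CVE-2016-6503 from their vectors.

Added example: the formulas are the published CVSS v2 and v3.0 base equations;
the function names and the rounding helper are this example's own.
"""
import math
from typing import Dict, Tuple


def parse_vector(vector: str) -> Dict[str, str]:
    """Split 'AV:N/AC:M/...' (optionally prefixed 'CVSS:3.0/') into metric -> value."""
    parts = vector.split("/")
    if parts[0].startswith("CVSS:"):
        parts = parts[1:]
    return dict(p.split(":", 1) for p in parts)


def cvss2(vector: str) -> Tuple[float, float, float]:
    """CVSS v2 base equation. Returns (base, exploitability, impact), each rounded to 0.1."""
    m = parse_vector(vector)
    av = {"L": 0.395, "A": 0.646, "N": 1.0}[m["AV"]]
    ac = {"H": 0.35, "M": 0.61, "L": 0.71}[m["AC"]]
    au = {"M": 0.45, "S": 0.56, "N": 0.704}[m["Au"]]
    cia = {"N": 0.0, "P": 0.275, "C": 0.660}
    c, i, a = cia[m["C"]], cia[m["I"]], cia[m["A"]]
    impact = 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))
    exploitability = 20 * av * ac * au
    f_impact = 0.0 if impact == 0 else 1.176  # v2's f(Impact) term
    base = round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)
    return base, round(exploitability, 1), round(impact, 1)


def cvss3(vector: str) -> Tuple[float, float, float]:
    """CVSS v3.0 base equation. Returns (base, exploitability, impact)."""
    m = parse_vector(vector)
    changed = m["S"] == "C"
    av = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}[m["AV"]]
    ac = {"L": 0.77, "H": 0.44}[m["AC"]]
    # Privileges Required weighs more when the scope changes.
    pr = {"N": 0.85,
          "L": 0.68 if changed else 0.62,
          "H": 0.50 if changed else 0.27}[m["PR"]]
    ui = {"N": 0.85, "R": 0.62}[m["UI"]]
    cia = {"H": 0.56, "L": 0.22, "N": 0.0}
    c, i, a = cia[m["C"]], cia[m["I"]], cia[m["A"]]
    iss = 1 - (1 - c) * (1 - i) * (1 - a)
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    exploitability = 8.22 * av * ac * pr * ui

    def roundup(x: float) -> float:  # v3.0 "round up to one decimal place"
        return math.ceil(x * 10) / 10

    if impact <= 0:
        base = 0.0
    elif changed:
        base = roundup(min(1.08 * (impact + exploitability), 10))
    else:
        base = roundup(min(impact + exploitability, 10))
    return base, round(exploitability, 1), round(impact, 1)


def severity(base: float, version: int) -> str:
    """Qualitative rating: NVD's v2 bands, or the v3.0 specification's bands."""
    if version == 2:
        return "LOW" if base < 4.0 else "MEDIUM" if base < 7.0 else "HIGH"
    if base == 0.0:
        return "NONE"
    if base < 4.0:
        return "LOW"
    if base < 7.0:
        return "MEDIUM"
    if base < 9.0:
        return "HIGH"
    return "CRITICAL"


if __name__ == "__main__":
    v2 = "AV:N/AC:M/Au:N/C:N/I:N/A:P"                    # v2 vector from the table above
    v3 = "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"  # v3.0 vector from the table above
    for version, vec, fn in ((2, v2, cvss2), (3, v3, cvss3)):
        base, expl, imp = fn(vec)
        print(f"v{version} {vec}: base={base} ({severity(base, version)}) "
              f"exploitability={expl} impact={imp}")
```

Running it reproduces the table: 4.3 / 8.6 / 2.9 for the v2 vector and 5.9 / 2.2 / 3.6 for the v3.0 vector, both MEDIUM. The gap between the two exploitability sub-scores (8.6 versus 2.2) is mostly a difference of scale and of the AC:M versus AC:H judgement, not a disagreement about the bug. Note that the v3.0 round-up is written as ceil(x * 10) / 10; CVSS v3.1 later replaced that with an integer-based version to avoid floating-point artefacts near a boundary, which does not matter for the values here.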
CWE ids for CVE-2016-6503
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6503
- Wireshark wnpa-sec-2016-39: CORBA IDL dissector crash on 64-bit Windows (Vendor Advisory): http://www.wireshark.org/security/wnpa-sec-2016-39.html
- Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service: https://www.exploit-db.com/exploits/40196/
- Bug 12495: Crash in Corba auto generated files with MSVC2013 Update 5 x64 (Issue Tracking): https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
- code.wireshark Code Review, wireshark.git commit (Patch): https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1
- oss-security: CVE request: Wireshark 2.0.5 and 1.12.13 security releases (Mailing List): http://openwall.com/lists/oss-security/2016/07/28/3
- SecurityTracker: Wireshark Dissector/Parser Bugs Let Remote Users Deny Service: http://www.securitytracker.com/id/1036480
- Wireshark CORBA IDL Dissector Denial of Service Vulnerability: http://www.securityfocus.com/bid/92162