CVE-2016-7180 : epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x

epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.

Published 2016-09-09 10:59:06

Updated 2016-09-29 14:35:36

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2016-7180

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 2.0.0
cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 2.0.1
cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 2.0.2
cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 2.0.3
cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 2.0.4
cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark » Version: 2.0.5
cpe:2.3:a:wireshark:wireshark:2.0.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-7180

EPSS FAQ

0.32%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-7180

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-7180

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-7180

http://www.securitytracker.com/id/1036760

Wireshark QNX6 QNET, H.225, Catapult DCT2000, UMTS FP, and IPMI Trace Dissector Bugs Lets Remote Users Cause the Target Service to Crash - SecurityTracker
Third Party Advisory

CVEs referencing this url
https://www.wireshark.org/security/wnpa-sec-2016-55.html

Wireshark · wnpa-sec-2016-55 · IPMI Trace dissector crash
Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12782

12782 – Buildbot crash output: fuzz-2016-08-22-20350.pcap
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5213496250aceff086404c568e3718ebc0060934

code.wireshark Code Review - wireshark.git/commit
Issue Tracking;Patch
http://www.debian.org/security/2016/dsa-3671

Debian -- Security Information -- DSA-3671-1 wireshark
Third Party Advisory

CVEs referencing this url
https://code.wireshark.org/review/17289

Change Ia082ccf5: IPMI: do not use col_set_str with non const strings | code.wireshark Code Review
Issue Tracking;Patch

Jump to

Vulnerability Details : CVE-2016-7180

Products affected by CVE-2016-7180

Exploit prediction scoring system (EPSS) score for CVE-2016-7180

CVSS scores for CVE-2016-7180

CWE ids for CVE-2016-7180

References for CVE-2016-7180