CVE-2016-7175

Published on: 09/09/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:07 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Wireshark from Wireshark contain the following vulnerability:

epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

  • CVE-2016-7175 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.9 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK HIGH NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE NONE HIGH

CVSS2 Score: 4.3 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE NONE PARTIAL

CVE References

Description Tags Link
code.wireshark Code Review - wireshark.git/commit Issue Tracking
Patch
code.wireshark.org
text/xml
URL Logo CONFIRM code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1396f6ad555178f6b81cc1a65f9cb37b2d99aebf
Wireshark · wnpa-sec-2016-50 · QNX6 QNET dissector crash Vendor Advisory
www.wireshark.org
text/html
URL Logo CONFIRM www.wireshark.org/security/wnpa-sec-2016-50.html
Wireshark QNX6 QNET, H.225, Catapult DCT2000, UMTS FP, and IPMI Trace Dissector Bugs Lets Remote Users Cause the Target Service to Crash - SecurityTracker Third Party Advisory
www.securitytracker.com
text/html
URL Logo SECTRACK 1036760
Gerrit Code Review Issue Tracking
Patch
code.wireshark.org
text/html
URL Logo CONFIRM code.wireshark.org/review/16965
Bug 11850 – Buildbot crash output: fuzz-2015-12-03-17013.pcap Issue Tracking
bugs.wireshark.org
text/html
URL Logo CONFIRM bugs.wireshark.org/bugzilla/show_bug.cgi?id=11850

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationWiresharkWireshark2.0.0AllAllAll
ApplicationWiresharkWireshark2.0.1AllAllAll
ApplicationWiresharkWireshark2.0.2AllAllAll
ApplicationWiresharkWireshark2.0.3AllAllAll
ApplicationWiresharkWireshark2.0.4AllAllAll
ApplicationWiresharkWireshark2.0.5AllAllAll
ApplicationWiresharkWireshark2.0.0AllAllAll
ApplicationWiresharkWireshark2.0.1AllAllAll
ApplicationWiresharkWireshark2.0.2AllAllAll
ApplicationWiresharkWireshark2.0.3AllAllAll
ApplicationWiresharkWireshark2.0.4AllAllAll
ApplicationWiresharkWireshark2.0.5AllAllAll
  • cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:wireshark:wireshark:2.0.5:*:*:*:*:*:*:*: