CVE-2016-6504
Published on: 08/06/2016 12:00:00 AM UTC
Last Modified on: 11/07/2023 02:34:00 AM UTC
Certain versions of Wireshark from Wireshark contain the following vulnerability:
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
- CVE-2016-6504 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.9 - MEDIUM
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | HIGH | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | NONE | NONE | HIGH |
CVSS2 Score: 4.3 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
NONE | NONE | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
12576 – Attempted use of uninitialized pointer in dissect_nds_request | Issue Tracking bugs.wireshark.org text/html | CONFIRM bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576 |
Wireshark · wnpa-sec-2016-40 · NDS dissector crash | Vendor Advisory www.wireshark.org text/html | CONFIRM www.wireshark.org/security/wnpa-sec-2016-40.html |
Debian -- Security Information -- DSA-3648-1 wireshark | www.debian.org Deprecated Link text/html | DEBIAN DSA-3648 |
Wireshark 1.12.0-1.12.12 - NDS Dissector Denial of Service | www.exploit-db.com Proof of Concept text/html | EXPLOIT-DB 40194 |
code.wireshark Code Review - wireshark.git/commit | Issue Tracking Patch code.wireshark.org text/xml | CONFIRM code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9eacbb4d48df647648127b9258f9e5aeeb0c7d99 |
Wireshark Dissector/Parser Bugs Let Remote Users Deny Service - SecurityTracker | www.securitytracker.com text/html | SECTRACK 1036480 |
oss-security - CVE request: Wireshark 2.0.5 and 1.12.13 security releases | Mailing List openwall.com text/html | MLIST [oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases |
Wireshark NDS Dissector Denial of Service Vulnerability | cve.report (archive) text/html | BID 92164 |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Wireshark | Wireshark | 1.12.0 | All | All | All |
Application | Wireshark | Wireshark | 1.12.1 | All | All | All |
Application | Wireshark | Wireshark | 1.12.10 | All | All | All |
Application | Wireshark | Wireshark | 1.12.11 | All | All | All |
Application | Wireshark | Wireshark | 1.12.12 | All | All | All |
Application | Wireshark | Wireshark | 1.12.2 | All | All | All |
Application | Wireshark | Wireshark | 1.12.3 | All | All | All |
Application | Wireshark | Wireshark | 1.12.4 | All | All | All |
Application | Wireshark | Wireshark | 1.12.5 | All | All | All |
Application | Wireshark | Wireshark | 1.12.6 | All | All | All |
Application | Wireshark | Wireshark | 1.12.7 | All | All | All |
Application | Wireshark | Wireshark | 1.12.8 | All | All | All |
Application | Wireshark | Wireshark | 1.12.9 | All | All | All |
- cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.11:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.12:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.9:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE