CVE-2016-2526

Published: Feb 28, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

Affected (2)

Products: Wireshark: Wireshark

Wireshark

1 product

Wireshark

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.0.0
Wireshark Wireshark	Version 2.0.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://www.securitytracker.com/id/1035118

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2016-06.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11983

Source: cve@mitre.org

Vendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=69a679cc3a9c087064b7e9521b9e9f3c40dd0b72

Source: cve@mitre.org

https://security.gentoo.org/glsa/201604-05

Source: cve@mitre.org

http://www.securitytracker.com/id/1035118