CVE-2016-2527

Published: Feb 28, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.

Affected (2)

Products: Wireshark: Wireshark

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.0.0
Wireshark Wireshark	Version 2.0.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://www.securitytracker.com/id/1035118

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2016-07.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982

Source: cve@mitre.org

Vendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=140aad08e081489b5cdb715cb5bca01db856fded

Source: cve@mitre.org

https://security.gentoo.org/glsa/201604-05

Source: cve@mitre.org

http://www.securitytracker.com/id/1035118

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2016-07.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=140aad08e081489b5cdb715cb5bca01db856fded

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201604-05

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.