CVE-2016-2528

Published: Feb 28, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

Affected (2)

Products: Wireshark: Wireshark

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.0.0
Wireshark Wireshark	Version 2.0.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://www.securitytracker.com/id/1035118

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2016-08.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984

Source: cve@mitre.org

Vendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1c090e929269a78bf7a4cb3dc0d34565f4351312

Source: cve@mitre.org

https://security.gentoo.org/glsa/201604-05

Source: cve@mitre.org

http://www.securitytracker.com/id/1035118

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2016-08.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11984

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1c090e929269a78bf7a4cb3dc0d34565f4351312

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201604-05

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.