CVE-2016-4085

Published: Apr 25, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.

Affected (16)

Products: Oracle: Solaris · Debian: Debian Linux · Wireshark: Wireshark

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

14 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.12.0
Wireshark Wireshark	Version 1.12.10
Wireshark Wireshark	Version 1.12.1
Wireshark Wireshark	Version 1.12.2
Wireshark Wireshark	Version 1.12.3
Wireshark Wireshark	Version 1.12.4
Wireshark Wireshark	Version 1.12.5
Wireshark Wireshark	Version 1.12.6
Wireshark Wireshark	Version 1.12.7
Wireshark Wireshark	Version 1.12.8
Wireshark Wireshark	Version 1.12.9
Wireshark Wireshark	Version 2.0.0
Wireshark Wireshark	Version 2.0.1
Wireshark Wireshark	Version 2.0.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

http://www.debian.org/security/2016/dsa-3585

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/87467

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035685

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2016-28.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293

Source: cve@mitre.org

Issue Tracking

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=99efcb0f5aeeb4b2179e88c7a4233022aaeecf0b

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3585

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/87467

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035685

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2016-28.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=99efcb0f5aeeb4b2179e88c7a4233022aaeecf0b

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.