CVE-2016-5357

Published: Aug 7, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Affected (17)

Products: Wireshark: Wireshark · Oracle: Solaris

1 product

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.12.0
Wireshark Wireshark	Version 1.12.10
Wireshark Wireshark	Version 1.12.11
Wireshark Wireshark	Version 1.12.1
Wireshark Wireshark	Version 1.12.2
Wireshark Wireshark	Version 1.12.3
Wireshark Wireshark	Version 1.12.4
Wireshark Wireshark	Version 1.12.5
Wireshark Wireshark	Version 1.12.6
Wireshark Wireshark	Version 1.12.7
Wireshark Wireshark	Version 1.12.8
Wireshark Wireshark	Version 1.12.9
Wireshark Wireshark	Version 2.0.0
Wireshark Wireshark	Version 2.0.1
Wireshark Wireshark	Version 2.0.2
Wireshark Wireshark	Version 2.0.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://www.debian.org/security/2016/dsa-3615

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/06/09/3

Source: cve@mitre.org

Mailing List

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/91140

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396

Source: cve@mitre.org

Issue Tracking

https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82

Source: cve@mitre.org

https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78

Source: cve@mitre.org

https://www.wireshark.org/security/wnpa-sec-2016-36.html

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2016/dsa-3615

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2016/06/09/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/91140

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.wireshark.org/security/wnpa-sec-2016-36.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.