CVE-2016-5358

Published: Aug 7, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Affected (5)

Products: Wireshark: Wireshark · Oracle: Solaris

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.0.0
Wireshark Wireshark	Version 2.0.1
Wireshark Wireshark	Version 2.0.2
Wireshark Wireshark	Version 2.0.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://www.openwall.com/lists/oss-security/2016/06/09/3

Source: cve@mitre.org

Mailing List

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/91140

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440

Source: cve@mitre.org

Issue Tracking

https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7

Source: cve@mitre.org

https://www.wireshark.org/security/wnpa-sec-2016-37.html

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2016/06/09/3