CVE-2016-9372

Published: Nov 17, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.

Affected (2)

Products: Wireshark: Wireshark

Wireshark

1 product

Wireshark

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 2.2.0
Wireshark Wireshark	Version 2.2.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-399

References (10)

http://www.securityfocus.com/bid/94368

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037313

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851

Source: cve@mitre.org

Issue Tracking

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4127e3930ef663114567002001f44e01eba8a250

Source: cve@mitre.org

https://www.wireshark.org/security/wnpa-sec-2016-58.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/94368