Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5350

epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Published

2016-08-07T16:59:01.643

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wireshark	wireshark	1.12.0	Yes
Application	wireshark	wireshark	1.12.1	Yes
Application	wireshark	wireshark	1.12.2	Yes
Application	wireshark	wireshark	1.12.3	Yes
Application	wireshark	wireshark	1.12.4	Yes
Application	wireshark	wireshark	1.12.5	Yes
Application	wireshark	wireshark	1.12.6	Yes
Application	wireshark	wireshark	1.12.7	Yes
Application	wireshark	wireshark	1.12.8	Yes
Application	wireshark	wireshark	1.12.9	Yes
Application	wireshark	wireshark	1.12.10	Yes
Application	wireshark	wireshark	1.12.11	Yes
Application	wireshark	wireshark	2.0.0	Yes
Application	wireshark	wireshark	2.0.1	Yes
Application	wireshark	wireshark	2.0.2	Yes
Application	wireshark	wireshark	2.0.3	Yes

References

http://www.debian.org/security/2016/dsa-3615 ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/09/3 Release Notes ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html ([email protected])
http://www.securityfocus.com/bid/91140 ([email protected])
https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b Patch ([email protected])
https://www.wireshark.org/security/wnpa-sec-2016-29.html Vendor Advisory ([email protected])
http://www.debian.org/security/2016/dsa-3615 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/09/3 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/91140 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.wireshark.org/security/wnpa-sec-2016-29.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)