The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
http://www.debian.org/security/2016/dsa-3505
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.securityfocus.com/bid/79382
http://www.securitytracker.com/id/1034551
http://www.wireshark.org/security/wnpa-sec-2015-47.html
Source: MITRE
Published: 2016-01-04
Updated: 2016-12-07
Type: CWE-20
CVSS v2 Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0 Base Score: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
OR
cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.12.7:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
131579 | EulerOS 2.0 SP2 : wireshark (EulerOS-SA-2019-2425) | Nessus | Huawei Local Security Checks | high |
91838 | F5 Networks BIG-IP : Multiple Wireshark (tshark) vulnerabilities (K01837042) | Nessus | F5 Networks Local Security Checks | high |
90744 | GLSA-201604-05 : Wireshark: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
89695 | Debian DSA-3505-1 : wireshark - security update | Nessus | Debian Local Security Checks | medium |
87912 | SUSE SLED11 / SLES11 Security Update : wireshark (SUSE-SU-2016:0110-1) | Nessus | SuSE Local Security Checks | medium |
87911 | SUSE SLED12 / SLES12 Security Update : wireshark (SUSE-SU-2016:0109-1) | Nessus | SuSE Local Security Checks | medium |
87833 | openSUSE Security Update : wireshark (openSUSE-2016-12) | Nessus | SuSE Local Security Checks | medium |
87825 | Wireshark 2.0.0 Multiple DoS | Nessus | Windows | medium |
87824 | Wireshark 1.12.x < 1.12.9 Multiple DoS | Nessus | Windows | medium |