CVE Vulnerabilities

CVE-2016-5354

NULL Pointer Dereference

Published: Aug 07, 2016 | Modified: Nov 28, 2016
CVSS 3.x: 5.9 MEDIUM
Source: NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P

The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name       Vendor     Start Version  End Version
Wireshark  Wireshark  2.0.0          2.0.0
Wireshark  Wireshark  1.12.4         1.12.4
Wireshark  Wireshark  1.12.10        1.12.10
Wireshark  Wireshark  1.12.5         1.12.5
Wireshark  Wireshark  1.12.0         1.12.0
Wireshark  Wireshark  1.12.9         1.12.9
Wireshark  Wireshark  2.0.1          2.0.1
Wireshark  Wireshark  1.12.2         1.12.2
Wireshark  Wireshark  2.0.2          2.0.2
Wireshark  Wireshark  2.0.3          2.0.3
Wireshark  Wireshark  1.12.1         1.12.1
Wireshark  Wireshark  1.12.7         1.12.7
Wireshark  Wireshark  1.12.11        1.12.11
Wireshark  Wireshark  1.12.6         1.12.6
Wireshark  Wireshark  1.12.3         1.12.3
Wireshark  Wireshark  1.12.8         1.12.8
