CVE-2016-6508 | Vulnerability Database | Aqua Security

epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	1.12.0	1.12.0
Wireshark	Wireshark	1.12.1	1.12.1
Wireshark	Wireshark	1.12.2	1.12.2
Wireshark	Wireshark	1.12.3	1.12.3
Wireshark	Wireshark	1.12.4	1.12.4
Wireshark	Wireshark	1.12.5	1.12.5
Wireshark	Wireshark	1.12.6	1.12.6
Wireshark	Wireshark	1.12.7	1.12.7
Wireshark	Wireshark	1.12.8	1.12.8
Wireshark	Wireshark	1.12.9	1.12.9
Wireshark	Wireshark	1.12.10	1.12.10
Wireshark	Wireshark	1.12.11	1.12.11
Wireshark	Wireshark	1.12.12	1.12.12
Wireshark	Wireshark	2.0.0	2.0.0
Wireshark	Wireshark	2.0.1	2.0.1
Wireshark	Wireshark	2.0.2	2.0.2
Wireshark	Wireshark	2.0.3	2.0.3
Wireshark	Wireshark	2.0.4	2.0.4
Wireshark	Ubuntu	esm-apps/xenial	*
Wireshark	Ubuntu	precise	*
Wireshark	Ubuntu	trusty	*
Wireshark	Ubuntu	trusty/esm	*
Wireshark	Ubuntu	upstream	*
Wireshark	Ubuntu	xenial	*

References

http://openwall.com/lists/oss-security/2016/07/28/3
http://www.debian.org/security/2016/dsa-3648
http://www.securitytracker.com/id/1036480
http://www.wireshark.org/security/wnpa-sec-2016-44.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6508
CWE	https://cwe.mitre.org/data/definitions/399.html