CVE-2016-9376 | Vulnerability Database | Aqua Security

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	2.0.0 (including)	2.0.0 (including)
Wireshark	Wireshark	2.0.1 (including)	2.0.1 (including)
Wireshark	Wireshark	2.0.2 (including)	2.0.2 (including)
Wireshark	Wireshark	2.0.3 (including)	2.0.3 (including)
Wireshark	Wireshark	2.0.4 (including)	2.0.4 (including)
Wireshark	Wireshark	2.0.5 (including)	2.0.5 (including)
Wireshark	Wireshark	2.0.6 (including)	2.0.6 (including)
Wireshark	Wireshark	2.0.7 (including)	2.0.7 (including)
Wireshark	Wireshark	2.2.0 (including)	2.2.0 (including)
Wireshark	Wireshark	2.2.1 (including)	2.2.1 (including)
Wireshark	Ubuntu	precise	*
Wireshark	Ubuntu	trusty	*
Wireshark	Ubuntu	upstream	*
Wireshark	Ubuntu	xenial	*
Wireshark	Ubuntu	yakkety	*
Wireshark	Ubuntu	zesty	*

References

http://www.debian.org/security/2016/dsa-3719
http://www.securityfocus.com/bid/94369
http://www.securitytracker.com/id/1037313
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13071
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f2a7af8d3928e18ef15778e63b9b6c78f8bd1bef
https://www.wireshark.org/security/wnpa-sec-2016-60.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-9376
CWE	https://cwe.mitre.org/data/definitions/399.html