Main Vulnerability Database Vulnerabilities #VU416

in Wireshark - CVE-2016-7177

Published: September 13, 2016

Vulnerability identifier: #VU416

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-7177

CWE-ID: CWE-362

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Wireshark.org

Affected software:
Wireshark

Detailed vulnerability description

The vulnerability allows remote user to cause the denial of service on the target system.
The weakness exists due to causing of the Catapult DCT2000 dissector crash. A remote attacker can send and inject specially crafted malformed packet or trick the victim into reading its trace file.
Successful exploitation of this vulnerability will allow an attacker to cause a denial of service on the vulnerable system.

How to mitigate CVE-2016-7177

Update to 2.0.6.

Sources

https://www.wireshark.org/security/wnpa-sec-2016-52.html

in Wireshark - CVE-2016-7177

Detailed vulnerability description

How to mitigate CVE-2016-7177

Sources

Please verify you're human