Denial of service in Wireshark - CVE-2016-7180

 


Published: September 13, 2016


Vulnerability identifier: #VU419
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-7180
CWE-ID: CWE-362
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Wireshark.org
Affected software: Wireshark

Detailed vulnerability description

The vulnerability allows a remote user to cause a denial of service on the target system.
The weakness exists because the IPMI Trace dissector can be made to crash. A remote attacker can send and inject a specially crafted malformed packet or trick the victim into reading a trace file that contains it.
Successful exploitation of this vulnerability allows an attacker to cause a denial of service on the vulnerable system.



How to mitigate CVE-2016-7180

Update to 2.0.6 or later.
