Main Vulnerability Database Vulnerabilities #VU420

Denial of service in Wireshark - CVE-2016-7175

Published: September 13, 2016

Vulnerability identifier: #VU420

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-7175

CWE-ID: CWE-362

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Wireshark.org

Affected software:
Wireshark

Detailed vulnerability description

The vulnerability allows remote user to cause the denial of service on the target system.
The weakness exists due to causing of the QNX6 QNET dissector crash. A remote attacker can send and inject specially crafted malformed packet or trick the victim into reading its trace file.
Successful exploitation of this vulnerability will allow an attacker to cause a denial of service on the vulnerable system.

How to mitigate CVE-2016-7175

Update to 2.0.6. or later.

Sources

https://www.wireshark.org/security/wnpa-sec-2016-50.html

Denial of service in Wireshark - CVE-2016-7175

Detailed vulnerability description

How to mitigate CVE-2016-7175

Sources

Please verify you're human