[3.1] wireshark: Multiple issues (CVE-2016-4006, CVE-2016-4078, CVE-2016-4079, CVE-2016-4080, CVE-2016-4081, CVE-2016-4082, CVE-2016-4085)
CVE-2016-4006: Wireshark and TShark could exhaust the stack.
epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3
does not limit the protocol-tree depth,
which allows remote attackers to cause a denial of service (stack memory
consumption and application crash) via a crafted packet.
References:
https://www.wireshark.org/security/wnpa-sec-2016-25.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=12268
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4006
CVE-2016-4078: The IEEE 802.11 dissector could crash.
The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x
before 2.0.3 does not properly restrict element lists, which allows
remote attackers
to cause a denial of service (deep recursion and application crash) via
a crafted packet, related to epan/dissectors/packet-capwap.c and
epan/dissectors/packet-ieee80211.c.
References:
https://www.wireshark.org/security/wnpa-sec-2016-21.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4078
CVE-2016-4079: PKTC dissector crash
Affected versions: 2.0.0 to 2.0.2, 1.12.0 to 1.12.10
Fixed versions: 2.0.3, 1.12.11
References:
https://www.wireshark.org/security/wnpa-sec-2016-22.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=12206
CVE-2016-4080: The PKTC dissector could crash.
Affected versions: 2.0.0 to 2.0.2, 1.12.0 to 1.12.10
Fixed versions: 2.0.3, 1.12.11
References:
https://www.wireshark.org/security/wnpa-sec-2016-23.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=12242
CVE-2016-4081: The IAX2 dissector could go into an infinite loop.
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x
before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data
type,
which allows remote attackers to cause a denial of service (infinite
loop) via a crafted packet.
References:
https://www.wireshark.org/security/wnpa-sec-2016-24.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4081
CVE-2016-4082: The GSM CBCH dissector could crash.
Affected versions: 2.0.0 to 2.0.2, 1.12.0 to 1.12.10
Fixed versions: 2.0.3, 1.12.11
References:
https://www.wireshark.org/security/wnpa-sec-2016-26.html
CVE-2016-4085: The NCP dissector could crash.
Affected versions: 1.12.0 to 1.12.10
Fixed versions: 1.12.11
References:
https://www.wireshark.org/security/wnpa-sec-2016-28.html
(from redmine: issue id 5626, created on 2016-05-24, closed on 2016-06-23)
- Relations:
- parent #5623 (closed)
- Changesets:
- Revision 7a30ccb5 on 2016-06-21T12:01:47Z:
main/wireshark: security upgrade to 1.12.12. Fixes #5626
CVE-2016-4006
CVE-2016-4078
CVE-2016-4079
CVE-2016-4080
CVE-2016-4081
CVE-2016-4082
CVE-2016-4085