CVE-2016-2523 - OpenCVE

The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Wireshark	Wireshark

Configuration 1 [-]

OR	cpe:2.3:a:wireshark:wireshark:1.12.0:::::::*
	cpe:2.3:a:wireshark:wireshark:1.12.1:::::::*
	cpe:2.3:a:wireshark:wireshark:1.12.2:::::::*
	cpe:2.3:a:wireshark:wireshark:1.12.3:::::::*
	cpe:2.3:a:wireshark:wireshark:1.12.4:::::::*
	cpe:2.3:a:wireshark:wireshark:1.12.5:::::::*
	cpe:2.3:a:wireshark:wireshark:1.12.6:::::::*
	cpe:2.3:a:wireshark:wireshark:1.12.7:::::::*
	cpe:2.3:a:wireshark:wireshark:1.12.8:::::::*
	cpe:2.3:a:wireshark:wireshark:1.12.9:::::::*
	cpe:2.3:a:wireshark:wireshark:2.0.0:::::::*
	cpe:2.3:a:wireshark:wireshark:2.0.1:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html
http://www.debian.org/security/2016/dsa-3516
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1035118
http://www.wireshark.org/security/wnpa-sec-2016-03.html	Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11938	Vendor Advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=260afe11feb796d1fde992d8f8c133ebd950b573
https://security.gentoo.org/glsa/201604-05

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-02-28T02:00:00

Updated: 2017-09-07T09:57:01

Reserved: 2016-02-20T00:00:00

Link: CVE-2016-2523

JSON object: View

NVD Information

Status : Modified

Published: 2016-02-28T04:59:02.103

Modified: 2023-11-07T02:31:12.850

Link: CVE-2016-2523

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-21T00:00:00", "descriptions": [{"lang": "en", "value": "The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2016:0661", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.wireshark.org/security/wnpa-sec-2016-03.html"}, {"name": "openSUSE-SU-2016:0660", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html"}, {"name": "DSA-3516", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3516"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=260afe11feb796d1fde992d8f8c133ebd950b573"}, {"name": "GLSA-201604-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201604-05"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11938"}, {"name": "1035118", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035118"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2523", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2016:0661", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html"}, {"name": "http://www.wireshark.org/security/wnpa-sec-2016-03.html", "refsource": "CONFIRM", "url": "http://www.wireshark.org/security/wnpa-sec-2016-03.html"}, {"name": "openSUSE-SU-2016:0660", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html"}, {"name": "DSA-3516", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3516"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=260afe11feb796d1fde992d8f8c133ebd950b573", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=260afe11feb796d1fde992d8f8c133ebd950b573"}, {"name": "GLSA-201604-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-05"}, {"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11938", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11938"}, {"name": "1035118", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035118"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2523", "datePublished": "2016-02-28T02:00:00", "dateReserved": "2016-02-20T00:00:00", "dateUpdated": "2017-09-07T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "29AC5E99-9C21-4C2E-AE68-A4B887318577", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B90C8934-01D8-4027-8A38-0B3230CC5077", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "49C89A62-69E2-40C5-9C75-FA6601A935A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "1946DDC9-E49F-4601-8448-E73B0480C880", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "E2F85560-F43E-46C5-9CD1-1A1D66E21580", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "2518D86A-623D-431E-9574-32B677D5FB94", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "FEA2B085-01D2-4707-A9F7-6545E4D6D99A", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "FE4BBF1A-4303-456C-AD19-F5BCF6FDD76B", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "AD3D5FFB-1A09-4A06-8E83-DF72E39E1891", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "94DC7821-59C4-4BD7-BDCA-D0319B209010", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "80E2A443-32DB-4C8B-8D2D-AE4F80A154A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EF0B55F-A412-48E2-9047-7CCA8442766D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."}, {"lang": "es", "value": "La funci\u00f3n dnp3_al_process_object en epan/dissectors/packet-dnp.c en el disector DNP3 en Wireshark 1.12.x en versiones anteriores a 1.12.10 y 2.0.x en versiones anteriores a 2.0.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de un paquete manipulado."}], "id": "CVE-2016-2523", "lastModified": "2023-11-07T02:31:12.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-28T04:59:02.103", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3516"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035118"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.wireshark.org/security/wnpa-sec-2016-03.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11938"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=260afe11feb796d1fde992d8f8c133ebd950b573"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201604-05"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}