CVE-2016-7176 - OpenCVE

epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Wireshark	Wireshark

Configuration 1 [-]

OR	cpe:2.3:a:wireshark:wireshark:2.0.0:::::::*
	cpe:2.3:a:wireshark:wireshark:2.0.1:::::::*
	cpe:2.3:a:wireshark:wireshark:2.0.2:::::::*
	cpe:2.3:a:wireshark:wireshark:2.0.3:::::::*
	cpe:2.3:a:wireshark:wireshark:2.0.4:::::::*
	cpe:2.3:a:wireshark:wireshark:2.0.5:::::::*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.debian.org/security/2016/dsa-3671	Third Party Advisory
http://www.securitytracker.com/id/1036760	Third Party Advisory VDB Entry
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700	Issue Tracking
https://code.wireshark.org/review/16852	Issue Tracking Patch
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6d8261994bb928b7e80e3a2478a3d939ea1ef373
https://www.wireshark.org/security/wnpa-sec-2016-51.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-09-09T10:00:00

Updated: 2016-09-27T14:57:01

Reserved: 2016-09-08T00:00:00

Link: CVE-2016-7176

JSON object: View

NVD Information

Status : Modified

Published: 2016-09-09T10:59:01.947

Modified: 2023-11-07T02:34:16.280

Link: CVE-2016-7176

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-09-27T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://code.wireshark.org/review/16852"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.wireshark.org/security/wnpa-sec-2016-51.html"}, {"name": "1036760", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036760"}, {"name": "DSA-3671", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3671"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6d8261994bb928b7e80e3a2478a3d939ea1ef373"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7176", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.wireshark.org/review/16852", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/16852"}, {"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700"}, {"name": "https://www.wireshark.org/security/wnpa-sec-2016-51.html", "refsource": "CONFIRM", "url": "https://www.wireshark.org/security/wnpa-sec-2016-51.html"}, {"name": "1036760", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036760"}, {"name": "DSA-3671", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3671"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6d8261994bb928b7e80e3a2478a3d939ea1ef373", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6d8261994bb928b7e80e3a2478a3d939ea1ef373"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7176", "datePublished": "2016-09-09T10:00:00", "dateReserved": "2016-09-08T00:00:00", "dateUpdated": "2016-09-27T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "80E2A443-32DB-4C8B-8D2D-AE4F80A154A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EF0B55F-A412-48E2-9047-7CCA8442766D", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C45C7F24-9B97-4FF6-AFE8-102EDA0B26D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8BE013B-8615-49DB-939E-B7E289171467", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FDB30F17-A41A-4F09-977F-AB91E509247E", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "D900BA83-D5D3-4A8D-8C32-D135A3E5190E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet."}, {"lang": "es", "value": "epan/dissectors/packet-h225.c en el disector H.225 en Wireshark 2.x en versiones anteriores a 2.0.6 llama a snprintf con uno de sus b\u00fafer de entrada como si fuera un b\u00fafer de salida, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (superposici\u00f3n de copia y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un paquete manipulado."}], "id": "CVE-2016-7176", "lastModified": "2023-11-07T02:34:16.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-09T10:59:01.947", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3671"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036760"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12700"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://code.wireshark.org/review/16852"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6d8261994bb928b7e80e3a2478a3d939ea1ef373"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2016-51.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}