CVE-2016-9372 - OpenCVE

In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wireshark	Wireshark

Configuration 1 [-]

OR	cpe:2.3:a:wireshark:wireshark:2.2.0:::::::*
	cpe:2.3:a:wireshark:wireshark:2.2.1:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/94368	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037313
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851	Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4127e3930ef663114567002001f44e01eba8a250
https://www.wireshark.org/security/wnpa-sec-2016-58.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-11-17T05:48:00

Updated: 2017-07-27T09:57:01

Reserved: 2016-11-16T00:00:00

Link: CVE-2016-9372

JSON object: View

NVD Information

Status : Modified

Published: 2016-11-17T05:59:00.163

Modified: 2023-11-07T02:37:01.480

Link: CVE-2016-9372

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-16T00:00:00", "descriptions": [{"lang": "en", "value": "In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1037313", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037313"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.wireshark.org/security/wnpa-sec-2016-58.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4127e3930ef663114567002001f44e01eba8a250"}, {"name": "94368", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94368"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9372", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1037313", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037313"}, {"name": "https://www.wireshark.org/security/wnpa-sec-2016-58.html", "refsource": "CONFIRM", "url": "https://www.wireshark.org/security/wnpa-sec-2016-58.html"}, {"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4127e3930ef663114567002001f44e01eba8a250", "refsource": "CONFIRM", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4127e3930ef663114567002001f44e01eba8a250"}, {"name": "94368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94368"}, {"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9372", "datePublished": "2016-11-17T05:48:00", "dateReserved": "2016-11-16T00:00:00", "dateUpdated": "2017-07-27T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "32F65580-D1F4-4ABC-A358-545BF29D8089", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E6568A81-BE0B-4AEF-808C-74CD0C2EE9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects."}, {"lang": "es", "value": "En Wireshark 2.2.0 hasta la versi\u00f3n 2.2.1, el disector Profinet I/O podr\u00eda circular en exceso, desencadenado por tr\u00e1fico de red o un archivo de captura. Esto fue abordado en plugins/profinet/packet-pn-rtc-one.c rechazando la entrada con demasiados objetos I/O."}], "id": "CVE-2016-9372", "lastModified": "2023-11-07T02:37:01.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-17T05:59:00.163", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94368"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037313"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851"}, {"source": "cve@mitre.org", "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4127e3930ef663114567002001f44e01eba8a250"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2016-58.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}