CVE-2016-9373


General

Score: 4.3/10.0
Severity: Low
Category: Resource Management Error
Exploit: Available

Impact Metrics

Confidentiality: None
Integrity: None
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Related vulnerabilities

CVE-2016-6354, CVE-2016-7175, CVE-2016-7176, CVE-2016-7177, CVE-2016-7178, CVE-2016-7179, CVE-2016-7180, CVE-2016-9374, CVE-2016-9375, CVE-2016-9376, CVE-2017-5596, CVE-2017-5597, CVE-2017-6014, CVE-2017-7700, CVE-2017-7701, CVE-2017-7702, CVE-2017-7703, CVE-2017-7704, CVE-2017-7705, CVE-2017-7745, CVE-2017-7746, CVE-2017-7747, CVE-2017-7748

Published on 17/11/16 - Updated on 28/07/17

Description

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.

Category: Resource Management Error

CWE-416 (Use After Free)
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Security Notices

US National Vulnerability Database CVE-2016-9373
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-381
Arch Linux ASA-201611-23, ASA-201611-24, ASA-201611-25
Debian DSA-3719-1
Debian LTS DLA-714-1
SUSE SUSE-SU-2017:1174, SUSE-SU-2017:1442

Exploits

SecurityFocus BID-94369

Related technologies

Vendor | Product
debian | debian_linux
wireshark | wireshark
