CVE-2016-4081
Published: 25 April 2016
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Priority
Medium
CVSS 3 base score: 5.9
Status
| Package | Release | Status |
|---|---|---|
|
wireshark Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
| bionic |
Not vulnerable
|
|
| precise |
Does not exist
(precise was needed)
|
|
| trusty |
Released
(1.12.1+g01b65bf-4+deb8u11ubuntu0.14.04.1)
|
|
| upstream |
Needs triage
|
|
| wily |
Ignored
(reached end-of-life)
|
|
| xenial |
Released
(2.2.6+g32dac6a-2ubuntu0.16.04)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Ignored
(reached end-of-life)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4081
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=42f299be6abb302f32cec78b1c0812364c9f9285
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12260
- http://www.wireshark.org/security/wnpa-sec-2016-24.html
- NVD
- Launchpad
- Debian