CVE-2016-6512

Published: 06 August 2016

epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.

Priority

Low

CVSS 3 base score: 5.9

Status

Package Release Status
wireshark
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.5+ga3be9c6-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.6.3-1~ubuntu18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.6.3-1~ubuntu16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.6.3-1~ubuntu14.04.1)