CVE-2016-7178

Published: 9 September 2016

epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.

Priority

CVSS 3 base score: 5.9

Status

Package	Release	Status
wireshark Launchpad, Ubuntu, Debian	artful	Not vulnerable (2.4.2-1)
	bionic	Not vulnerable
	precise	Does not exist (precise was not-affected)
	trusty	Not vulnerable (1.10.6-1)
	upstream	Released (2.0.6)
	xenial	Released (2.2.6+g32dac6a-2ubuntu0.16.04)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7178
https://code.wireshark.org/review/17094
https://www.wireshark.org/security/wnpa-sec-2016-53.html
NVD
Launchpad
Debian

Bugs

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12751

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›