CVE-2016-7180

Published: 09 September 2016

epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
wireshark
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.6)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.2.6+g32dac6a-2ubuntu0.16.04)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1.10.6-1)
Patches:
Upstream: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5213496250aceff086404c568e3718ebc0060934