Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-2528

The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

Related bugs and status

CVE-2016-2528 (Candidate) is related to these bugs:

Bug #1567386: Sync bugfix security release wireshark 2.0.2+ga16e22e-1 (universe) from Debian testing (main)

Summary				In	Importance	Status
	1567386	Sync bugfix security release wireshark 2.0.2+ga16e22e-1 (universe) from Debian testing (main)		wireshark (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.wireshark.o...
CONFIRM: https://bugs.wireshark...
CONFIRM: https://code.wireshark...
GENTOO: GLSA-201604-05
SECTRACK: 1035118