Vulners
Lucene search
Wireshark 2.0.0 < 2.0.4 / 1.12.0 < 1.12.12 - PacketBB Dissector Denial of Service
| Reporter | Title | Published | Views | Family All 50 |
|---|---|---|---|---|
 | wireshark -- multiple vulnerabilities | 27 Jul 201600:00 | – | freebsd |
 | CVE-2016-6505 | 6 Aug 201623:00 | – | alpinelinux |
 | wireshark-cli: denial of service | 27 Aug 201600:00 | – | archlinux |
 | CVE-2016-6505 | 3 Aug 201600:00 | – | circl |
 | Wireshark 'epan/dissectors/packet-packetbb.c' Remote Denial of Service Vulnerability | 31 Jul 201600:00 | – | cnvd |
 | CVE-2016-6505 | 6 Aug 201623:00 | – | cve |
 | CVE-2016-6505 | 6 Aug 201623:00 | – | cvelist |
 | [SECURITY] [DLA 595-1] wireshark security update | 15 Aug 201614:53 | – | debian |
| [SECURITY] [DSA 3648-1] wireshark security update | 12 Aug 201619:39 | – | debian |
 | CVE-2016-6505 | 6 Aug 201623:00 | – | debiancve |
10
Sample generated by AFL
Build Information:
TShark 1.12.9 (v1.12.9-0-gfadb421 from (HEAD)
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.48.1, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), with libnl 3, without SMI, with c-ares 1.11.0, without
Lua, without Python, with GnuTLS 3.4.13, with Gcrypt 1.7.1, with MIT Kerberos,
with GeoIP.
Running on Linux 4.6.2-1-ARCH, with locale en_US.utf8, with libpcap version
1.7.4, with libz 1.2.8.
Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
--
This issue was uncovered with AFL (http://lcamtuf.coredump.cx/afl/)
The attached sample evokes a divide-by-zero error in the dissect_pbb_tlvblock() function at packet-packetbb.c:289.
The variable of interest seems to be 'c' which is set at packet-packetbb.c:285 using two other variables and an addition. When c is zero, the expression "length/c" at packet-packetbb.c:289 results in a divide-by-zero error.
Divide-by-zero has been observed when sample is parsed by tshark versions 1.12.8, 1.12.9, 1.12.10, 1.12.12, and 2.0.4 among others.
Credit goes to Chris Benedict, Aurelien Delaitre, NIST SAMATE Project, https://samate.nist.gov
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40197.zip
# 0day.today [2018-03-20] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Aug 2016 00:00Current
6.2Medium risk
Vulners AI Score6.2
EPSS0.03586