CVE-2016-2532

The dissectllrpparameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type

GIT

Repo

https://github.com/wireshark/wireshark

Events

Introduced

Last affected

4fab41a1f0e14e9124ea6a61e7bae42e95599495

Introduced

Last affected

01b65bf3a8e3d2f856471b0bb5a7e38dabf815f3

Introduced

Last affected

898fa22ad39718f1a7cb9976f61a4f85e4e72b05

Introduced

Last affected

bb3e9a0fc7c94f7bde5b62aedfee06f748c1d37f

Introduced

Last affected

b4861da48fa018a82f674161b7335c2e269d33ec

Introduced

Last affected

5819e5b13c0bbd224fde5a4c900ad8e22f09b4cc

Introduced

Last affected

ee1fce6fb32c55cf1af2fe1778f67eb77c0ff8d4

Introduced

Last affected

7fc8978399fe7fe20bac8f2ef5f2f15eef4c4698

Introduced

Last affected

5b6e543233efc5c8abfd8edd6fbf717f7ec3f632

Introduced

Last affected

fadb421970e5e2103ebd15ca1e5d19b89d20efa0

Introduced

Last affected

9a73b827b22c7ce9132e939b9f07ec4425fc2aa6

Introduced

Last affected

59ea380c69dca2bc2f97fa97c1bf410bbcd2411c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.1"
        }
    ]
}

Affected versions

Other

backups/ethereal@18706

ethereal-0-3-15

start

ethereal-0.*

ethereal-0.3.15

v1.*

v1.11.0

v1.11.0-rc1

v1.11.1

v1.11.1-rc1

v1.11.2

v1.11.2-rc1

v1.11.3

v1.11.3-rc1

v1.11.4-rc1

v1.12.0

v1.12.0-rc1

v1.12.0-rc2

v1.12.0rc3

v1.99.0

v1.99.0-rc1

v1.99.1

v1.99.10rc0

v1.99.1rc0

v1.99.2

v1.99.2rc0

v1.99.3

v1.99.3rc0

v1.99.4

v1.99.4rc0

v1.99.5

v1.99.5rc0

v1.99.6

v1.99.6rc0

v1.99.7

v1.99.7rc0

v1.99.8

v1.99.8rc0

v1.99.9

v1.99.9rc0

v2.*

v2.0.0

v2.0.0rc0

v2.0.0rc1

v2.0.0rc2

v2.0.0rc3

wireshark-1.*

wireshark-1.11.3

wireshark-1.12.0

wireshark-1.99.0

wireshark-1.99.1

wireshark-1.99.2

wireshark-1.99.3

wireshark-1.99.4

wireshark-1.99.5

wireshark-1.99.6

wireshark-1.99.7

wireshark-1.99.8

wireshark-1.99.9

wireshark-2.*

wireshark-2.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2532.json"