CVE-2016-5359
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-5359
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5359.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-5359
- Downstream
- Related
- Published
- 2016-08-07T16:59:14Z
- Modified
- 2025-10-25T11:56:11.079237Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet.
- References
-
- http://www.debian.org/security/2016/dsa-3615
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12408
- https://www.wireshark.org/security/wnpa-sec-2016-38.html
- http://www.openwall.com/lists/oss-security/2016/06/09/3
- https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0
- http://www.securityfocus.com/bid/91140
Affected packages
Git / github.com/wireshark/wireshark
Affected ranges
- Type
- GIT
- Repo
- https://github.com/wireshark/wireshark
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
backups/ethereal@18706
ethereal-0-3-15
start
ethereal-0.*
ethereal-0.3.15
v1.*
v1.11.0
v1.11.0-rc1
v1.11.1
v1.11.1-rc1
v1.11.2
v1.11.2-rc1
v1.11.3
v1.11.3-rc1
v1.11.4-rc1
v1.12.0
v1.12.0-rc1
v1.12.0-rc2
v1.12.0rc0
v1.12.0rc3
v1.12.1
v1.12.10
v1.12.10rc0
v1.12.11
v1.12.11rc0
v1.12.12rc0
v1.12.2
v1.12.2rc0
v1.12.3
v1.12.3rc0
v1.12.4
v1.12.4rc0
v1.12.5
v1.12.5rc0
v1.12.6
v1.12.6rc0
v1.12.7
v1.12.7rc0
v1.12.8
v1.12.8rc0
v1.12.9
v1.12.9rc0
wireshark-1.*
wireshark-1.11.3
wireshark-1.12.0
wireshark-1.12.1
wireshark-1.12.10
wireshark-1.12.11
wireshark-1.12.2
wireshark-1.12.3
wireshark-1.12.4
wireshark-1.12.5
wireshark-1.12.6
wireshark-1.12.7
wireshark-1.12.8
wireshark-1.12.9
Database specific
vanir_signatures
[
{
"source": "https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5359-31125c20",
"target": {
"function": "parse_wbxml_attribute_list_defined",
"file": "epan/dissectors/packet-wbxml.c"
},
"digest": {
"length": 5422.0,
"function_hash": "148500127934408009697092230251578610084"
},
"signature_type": "Function"
},
{
"source": "https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5359-4563910b",
"target": {
"function": "parse_wbxml_tag_defined",
"file": "epan/dissectors/packet-wbxml.c"
},
"digest": {
"length": 9440.0,
"function_hash": "163944597436354463178870928724087187552"
},
"signature_type": "Function"
},
{
"source": "https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5359-9141aec3",
"target": {
"file": "epan/dissectors/packet-wbxml.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"67610622701970184290553588580183889084",
"91325355928160085932440203182364159450",
"120720890600383259180895777098256288181",
"114910516480691935899078898207847627433",
"165008569202645622300382822615495196403",
"280988204502699191843930655572756473488",
"66475716529971636501610138979105542789",
"35398807192904916275203729800690187297",
"153960594443750609499689575013439143648",
"261890174015245498500883166218909921908",
"324261148394130691302777141913996756101",
"90488073146076214700603127876341026031",
"308756478074685172930017545175108057558",
"91325355928160085932440203182364159450",
"120720890600383259180895777098256288181",
"114910516480691935899078898207847627433",
"35416387769534039057238932264827112118",
"320126448307663699326746988189196620004",
"234977784954851322905887342735437873515",
"119232718222261333802185607524997486061",
"153960594443750609499689575013439143648",
"261890174015245498500883166218909921908",
"178482820545290865534138615772894783663",
"246104676115242477137918595698077946980",
"67610622701970184290553588580183889084",
"91325355928160085932440203182364159450",
"120720890600383259180895777098256288181",
"114910516480691935899078898207847627433",
"115155009236890171133872081544887437654",
"271391782470751431774662124775527043402",
"75339411829285533422903877661384994320",
"205143464398937600503789611453335812796",
"291280183616629744421098469514181876075",
"273739085990933085164187671996451828353",
"305150414078321585581275249061464994301",
"60322449002918953301779936948786160971",
"91325355928160085932440203182364159450",
"120720890600383259180895777098256288181",
"114910516480691935899078898207847627433",
"334870869368734171198288830261048231151",
"259489133114930017640925913381511243904",
"188905657936584469301308080101078066294",
"250985881998070324609114870669581211247",
"291280183616629744421098469514181876075",
"273739085990933085164187671996451828353",
"305150414078321585581275249061464994301"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5359-a81ea8fa",
"target": {
"function": "parse_wbxml_tag",
"file": "epan/dissectors/packet-wbxml.c"
},
"digest": {
"length": 8967.0,
"function_hash": "159171920405067032407074568214499969604"
},
"signature_type": "Function"
},
{
"source": "https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2016-5359-c56d40e4",
"target": {
"function": "parse_wbxml_attribute_list",
"file": "epan/dissectors/packet-wbxml.c"
},
"digest": {
"length": 4678.0,
"function_hash": "47902761673621423256170958096113712080"
},
"signature_type": "Function"
}
]