Wireshark 2.0.0/2.0.1 ASN.1 BER Dissector packet-ber.c dissect_ber_constrained_bitstring memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Wireshark 2.0.0/2.0.1. Impacted is the function dissect_ber_constrained_bitstring of the file epan/dissectors/packet-ber.c of the component ASN.1 BER Dissector. This manipulation causes memory corruption.
This vulnerability is tracked as CVE-2016-2522. The attack is possible to be carried out remotely. No exploit exists.
You should upgrade the affected component.
Details
A vulnerability was found in Wireshark 2.0.0/2.0.1 (Packet Analyzer Software). It has been declared as problematic. Affected by this vulnerability is the function dissect_ber_constrained_bitstring of the file epan/dissectors/packet-ber.c of the component ASN.1 BER Dissector. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect availability. The summary by CVE is:
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
The weakness was disclosed 02/28/2016 by Mateusz Jurczyk with Wireshark (Website). The advisory is shared at code.wireshark.org. This vulnerability is known as CVE-2016-2522 since 02/20/2016. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 89048 (FreeBSD : wireshark -- multiple vulnerabilities (45117749-df55-11e5-b2bd-002590263bf5)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family FreeBSD Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 124753 (Wireshark Multiple Denial of Service Vulnerabilities (wnpa-sec-2016-01 to wnpa-sec-2016-18)).
Upgrading to version 2.0.2 eliminates this vulnerability. A possible mitigation has been published 2 days after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (111109), Tenable (89048), SecurityFocus (BID 83580†) and Vulnerability Center (SBV-56936†). The entries VDB-81096, VDB-81098, VDB-81099 and VDB-81100 are pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Name
Version
License
Website
- Product: https://www.wireshark.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.6
VulDB Base Score: 5.9
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.9
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 89048
Nessus Name: FreeBSD : wireshark -- multiple vulnerabilities (45117749-df55-11e5-b2bd-002590263bf5)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 803330
OpenVAS Name: Wireshark Multiple Denial-of-Service Vulnerabilities March16 (Windows)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
Exposure Time: 🔍
Upgrade: Wireshark 2.0.2
Patch: 9b2f3f7c5c9205381cb72e42b66e97d8ed3abf63
Timeline
02/20/2016 🔍02/25/2016 🔍
02/27/2016 🔍
02/28/2016 🔍
02/28/2016 🔍
02/28/2016 🔍
02/29/2016 🔍
02/29/2016 🔍
03/02/2016 🔍
07/08/2022 🔍
Sources
Product: wireshark.orgAdvisory: code.wireshark.org⛔
Researcher: Mateusz Jurczyk
Organization: Wireshark
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2016-2522 (🔍)
GCVE (CVE): GCVE-0-2016-2522
GCVE (VulDB): GCVE-100-81097
X-Force: 111109 - WireShark ASN.1 BER dissector denial of service
SecurityFocus: 83580 - Wireshark Multiple Denial of Service Vulnerabilities
SecurityTracker: 1035118
Vulnerability Center: 56936 - Wireshark 2.0.0-2.0.1 Remote DoS in ASN.1 BER Dissector - CVE-2016-2522, Medium
See also: 🔍
Entry
Created: 02/28/2016 21:35Updated: 07/08/2022 14:46
Changes: 02/28/2016 21:35 (68), 08/25/2018 11:20 (24), 07/08/2022 14:46 (6)
Complete: 🔍
Cache ID: 216:C87:103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.