CVE-2016-5354

The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
wiresharkwireshark
1.12.0
wiresharkwireshark
1.12.1
wiresharkwireshark
1.12.2
wiresharkwireshark
1.12.3
wiresharkwireshark
1.12.4
wiresharkwireshark
1.12.5
wiresharkwireshark
1.12.6
wiresharkwireshark
1.12.7
wiresharkwireshark
1.12.8
wiresharkwireshark
1.12.9
wiresharkwireshark
1.12.10
wiresharkwireshark
1.12.11
wiresharkwireshark
2.0.0
wiresharkwireshark
2.0.1
wiresharkwireshark
2.0.2
wiresharkwireshark
2.0.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bullseye
3.4.10-0+deb11u1
fixed
bullseye (security)
3.4.16-0+deb11u1
fixed
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
trixie
4.4.0-1
fixed
sid
4.4.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wireshark
bionic
not-affected
artful
not-affected
zesty
ignored
yakkety
ignored
xenial
Fixed 2.2.6+g32dac6a-2ubuntu0.16.04
released
wily
ignored
trusty
Fixed 1.12.1+g01b65bf-4+deb8u11ubuntu0.14.04.1
released
precise
ignored
Common Weakness Enumeration
References
http://www.debian.org/security/2016/dsa-3615
http://www.openwall.com/lists/oss-security/2016/06/09/3
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/91140
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12356
https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6
https://www.wireshark.org/security/wnpa-sec-2016-33.html
http://www.debian.org/security/2016/dsa-3615
http://www.openwall.com/lists/oss-security/2016/06/09/3
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/91140
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12356
https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6
https://www.wireshark.org/security/wnpa-sec-2016-33.html