Vulnerability CVE-2016-9372: Information

Description

In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-9372
Published: Nov. 17, 2016
Modified: Nov. 7, 2023
Error type identifier: CWE-20CWE-399

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
wiresharksisyphus2.2.2-alt14.2.5-alt2ALT-PU-2016-2325-1172583Fixed
wiresharkp102.2.2-alt14.0.11-alt1ALT-PU-2016-2325-1172583Fixed
wiresharkp92.2.2-alt14.0.8-alt1ALT-PU-2016-2325-1172583Fixed
wiresharkp82.2.2-alt0.M80P.13.0.6-alt1ALT-PU-2016-2328-1172600Fixed
wiresharkc10f12.2.2-alt14.0.11-alt1ALT-PU-2016-2325-1172583Fixed
wiresharkc9f22.2.2-alt14.0.11-alt1ALT-PU-2016-2325-1172583Fixed
wiresharkc72.2.7-alt1.M70C.12.2.7-alt1.M70C.1ALT-PU-2017-1698-1183820Fixed
wiresharkp112.2.2-alt14.2.5-alt2ALT-PU-2016-2325-1172583Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.wireshark.org/security/wnpa-sec-2016-58.html
  • Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12851
  • Issue Tracking
94368
  • Third Party Advisory
  • VDB Entry
1037313
    https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4127e3930ef663114567002001f44e01eba8a250

        1. Configuration 1

          cpe:2.3:a:wireshark:wireshark:2.2.0:*:*:*:*:*:*:*
          cpe:2.3:a:wireshark:wireshark:2.2.1:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top