CVE-2016-4078 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-4078 PUBLISHED

The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.

EPSS 0.36% · 57.7th percentile

Risk Scores

EPSS Score

0.36%

57.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	wireshark	0, 2.4.5-1, 2.4.4-1
Ubuntu:16.04:LTS	wireshark	1.12.8+g5b6e543-2, 0, 1.12.7+g7fc8978-1
Ubuntu:14.04:LTS	wireshark	1.10.3-1, 1.10.2-1, 1.12.1+g01b65bf-4+deb8u11ubuntu0.14.04.1

Timeline

Apr 25, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-4078 third-party-advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e2745d741ec11f395d41c0aafa24df9dec136399 third-party-advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12187 third-party-advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11824 third-party-advisory
http://www.wireshark.org/security/wnpa-sec-2016-21.html third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-4078 third-party-advisory

Open in Interactive Console →