First published: Mon Apr 25 2016(Updated: )
Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wireshark Wireshark | =2.0.0 | |
Wireshark Wireshark | =2.0.1 | |
Wireshark Wireshark | =2.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-4084 is classified as a high severity vulnerability due to its potential to cause a denial of service.
To mitigate CVE-2016-4084, users should upgrade to Wireshark version 2.0.3 or later.
CVE-2016-4084 affects Wireshark versions 2.0.0, 2.0.1, and 2.0.2.
CVE-2016-4084 allows remote attackers to exploit an integer overflow leading to application crashes.
CVE-2016-4084 is found in the MS-WSP dissector of Wireshark.