CVE-2016-5354

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-5354
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5354.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-5354
Downstream
Related
Published
2016-08-07T16:59:08Z
Modified
2025-09-16T06:24:02.363557Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

References

Affected packages

Debian:11 / wireshark

Package

Name
wireshark
Purl
pkg:deb/debian/wireshark?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.4+gdd7746e-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / wireshark

Package

Name
wireshark
Purl
pkg:deb/debian/wireshark?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.4+gdd7746e-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / wireshark

Package

Name
wireshark
Purl
pkg:deb/debian/wireshark?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.4+gdd7746e-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / wireshark

Package

Name
wireshark
Purl
pkg:deb/debian/wireshark?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.4+gdd7746e-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://github.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2cb5985bf47bdc8bea78d28483ed224abdd33dc6
Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
01b65bf3a8e3d2f856471b0bb5a7e38dabf815f3
Last affected
4fab41a1f0e14e9124ea6a61e7bae42e95599495
Last affected
5819e5b13c0bbd224fde5a4c900ad8e22f09b4cc
Last affected
59ea380c69dca2bc2f97fa97c1bf410bbcd2411c
Last affected
5b6e543233efc5c8abfd8edd6fbf717f7ec3f632
Last affected
7f56a20e1e701216b3c31c3540022f604978b1e3
Last affected
7fc8978399fe7fe20bac8f2ef5f2f15eef4c4698
Last affected
898fa22ad39718f1a7cb9976f61a4f85e4e72b05
Last affected
9a73b827b22c7ce9132e939b9f07ec4425fc2aa6
Last affected
a16e22ed9cbbc599fe8b7b8e40a6696a0138c489
Last affected
b4861da48fa018a82f674161b7335c2e269d33ec
Last affected
bb3e9a0fc7c94f7bde5b62aedfee06f748c1d37f
Last affected
c74c83c36c90e874c0aea0d98a84396852713d1e
Last affected
ee1fce6fb32c55cf1af2fe1778f67eb77c0ff8d4
Last affected
eed34f0ac6696c053585ddf75c5805b3d5b395cf
Last affected
fadb421970e5e2103ebd15ca1e5d19b89d20efa0

Affected versions

Other

backups/ethereal@18706
ethereal-0-3-15
start

ethereal-0.*

ethereal-0.3.15

v1.*

v1.11.0
v1.11.0-rc1
v1.11.1
v1.11.1-rc1
v1.11.2
v1.11.2-rc1
v1.11.3
v1.11.3-rc1
v1.11.4-rc1
v1.12.0
v1.12.0-rc1
v1.12.0-rc2
v1.12.0rc0
v1.12.0rc3
v1.12.1
v1.99.0
v1.99.0-rc1
v1.99.1
v1.99.10rc0
v1.99.1rc0
v1.99.2
v1.99.2rc0
v1.99.3
v1.99.3rc0
v1.99.4
v1.99.4rc0
v1.99.5
v1.99.5rc0
v1.99.6
v1.99.6rc0
v1.99.7
v1.99.7rc0
v1.99.8
v1.99.8rc0
v1.99.9
v1.99.9rc0

v2.*

v2.0.0
v2.0.0rc0
v2.0.0rc1
v2.0.0rc2
v2.0.0rc3
v2.0.1
v2.0.1rc0
v2.1.0rc0

wireshark-1.*

wireshark-1.11.3
wireshark-1.12.0
wireshark-1.12.1
wireshark-1.99.0
wireshark-1.99.1
wireshark-1.99.2
wireshark-1.99.3
wireshark-1.99.4
wireshark-1.99.5
wireshark-1.99.6
wireshark-1.99.7
wireshark-1.99.8
wireshark-1.99.9

wireshark-2.*

wireshark-2.0.0
wireshark-2.0.1

Database specific 

{
    "vanir_signatures": [
        {
            "source": "https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6",
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "dissect_usb_video_control_interface_descriptor",
                "file": "epan/dissectors/packet-usb-video.c"
            },
            "digest": {
                "function_hash": "38991717562554354448688099878107430617",
                "length": 3472.0
            },
            "id": "CVE-2016-5354-011723af"
        },
        {
            "source": "https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6",
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "dissect_usb_ms_bulk",
                "file": "epan/dissectors/packet-usb-masstorage.c"
            },
            "digest": {
                "function_hash": "205275966524059301860662151854519004952",
                "length": 3916.0
            },
            "id": "CVE-2016-5354-3d8a4e2e"
        },
        {
            "source": "https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6",
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "epan/dissectors/packet-usb-masstorage.c"
            },
            "digest": {
                "line_hashes": [
                    "104578399008033933484790114005483227338",
                    "174835685048025130091216320107438523605",
                    "166178389634764862862863190013939337808",
                    "177389974860473702890910229842602741237",
                    "238337483652338013289121849273947640311"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2016-5354-75254fa7"
        },
        {
            "source": "https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6",
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "epan/dissectors/packet-u3v.c"
            },
            "digest": {
                "line_hashes": [
                    "28095717053133429533739427908533762268",
                    "194535656081060019615570420065437164689",
                    "285172571283529211920560151374617817753",
                    "62737670386296213839126994697244632351"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2016-5354-a6662da7"
        },
        {
            "source": "https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6",
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "epan/dissectors/packet-usb.h"
            },
            "digest": {
                "line_hashes": [
                    "187611618679383657147187075697580540111",
                    "35500140392874496190632268257813200513",
                    "24909503819365022352672669174319515662",
                    "88212867023447446693012239387813885709",
                    "87801412849613835011788423419222158896",
                    "143673356169114193494867804253258369242",
                    "204154613662388597360739331540845914802"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2016-5354-b2859939"
        },
        {
            "source": "https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6",
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "epan/dissectors/packet-usb-audio.c"
            },
            "digest": {
                "line_hashes": [
                    "186543461634473554635284614606606556443",
                    "65316368528136380644700311899371356510",
                    "102212498408069995683177291519526333446",
                    "252577905139853126889246322500453426014"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2016-5354-ba211bdf"
        },
        {
            "source": "https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6",
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "dissect_u3v",
                "file": "epan/dissectors/packet-u3v.c"
            },
            "digest": {
                "function_hash": "179716100385531890219293716583623713296",
                "length": 5066.0
            },
            "id": "CVE-2016-5354-c952d4fb"
        },
        {
            "source": "https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6",
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "epan/dissectors/packet-usb-video.c"
            },
            "digest": {
                "line_hashes": [
                    "66969777042917715605213464713518031072",
                    "231957956600622192529325516774099401315",
                    "58485873746455648256178749521583511809",
                    "251463345109567976779019212207360989530"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2016-5354-ef2f4e0b"
        }
    ]
}