CVE-2016-5356

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-5356
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5356.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-5356
Downstream
Related
Published
2016-08-07T16:59:10.830Z
Modified
2025-11-27T20:14:40.974045Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://github.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a66628e425db725df1ac52a3c573a03357060ddd
Fixed
f5ec0afb766f19519ea9623152cca3bbe2229500

Affected versions

Other

backups/ethereal@18706
ethereal-0-3-15
start

ethereal-0.*

ethereal-0.3.15

v1.*

v1.11.0
v1.11.0-rc1
v1.11.1
v1.11.1-rc1
v1.11.2
v1.11.2-rc1
v1.11.3
v1.11.3-rc1
v1.11.4-rc1
v1.99.0
v1.99.0-rc1
v1.99.1
v1.99.10rc0
v1.99.1rc0
v1.99.2
v1.99.2rc0
v1.99.3
v1.99.3rc0
v1.99.4
v1.99.4rc0
v1.99.5
v1.99.5rc0
v1.99.6
v1.99.6rc0
v1.99.7
v1.99.7rc0
v1.99.8
v1.99.8rc0
v1.99.9
v1.99.9rc0

v2.*

v2.1.0rc0

wireshark-1.*

wireshark-1.11.3
wireshark-1.99.0
wireshark-1.99.1
wireshark-1.99.2
wireshark-1.99.3
wireshark-1.99.4
wireshark-1.99.5
wireshark-1.99.6
wireshark-1.99.7
wireshark-1.99.8
wireshark-1.99.9

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "139569648133174936995680122850924426149",
            "length": 2859.0
        },
        "target": {
            "file": "wiretap/cosine.c",
            "function": "parse_cosine_rec_hdr"
        },
        "source": "https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2016-5356-0d0e9d89",
        "signature_type": "Function"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "71333923822682718027308170522297697116",
                "148825741904739258044621541819718484529",
                "258076794249418317877703304630380750277",
                "301631587790100395817448942962281299575",
                "259214332604082233685396186735349173871",
                "336514937699450282869340146417706847316",
                "237417998883945208484368833853712304021",
                "169133747316324202002614374790615220865",
                "51710834043792237729907852343981602393",
                "338063757848004913697618673350519739340",
                "283708670620639808617747627923471401057",
                "317941198244658157104117708188402127886",
                "337091706102247004722815530270869850595",
                "297619019263805389752419967625948939761",
                "181119350125597751575351299619626887728",
                "152024026949585661293378260989567859541",
                "60281315064754530619078856340098131796",
                "239768735720645694243752556225576027493",
                "81142515836288981121454149355211213945",
                "141313813907425311873698091218738487165",
                "301098176586959383548643099943166057319",
                "271528530801346505842464360024129873089",
                "77197104754355865602041160023941016146",
                "281856074811471429548677955440458514158",
                "15684530757511478212835472210233672700",
                "252538957748358257149041746381260252186",
                "227766434670231356870621853933774984288",
                "102799019195563740730021370995209767132",
                "229414221062285070380803237614218335726",
                "118880341625886206813748083254635707018",
                "289192048670625705456244812244948530345",
                "77582077685452351292195854807762077896",
                "328460811897439175775374225781754645407",
                "42598608447562250460784992532146159510",
                "70980633982689581448348762832786500630",
                "259097281410863872747494658649385045429",
                "312113404933227177706258261488420276928",
                "157547284173881130323857632171801983952",
                "54804721415805361157196124729944690735",
                "77997723401573734414086558596934869371",
                "151799025519759521333502869509812509867",
                "93205087977497115982562983458840988439",
                "71836857647894980268341033255272712597",
                "197693468289958457159528040136517606406",
                "26754213950114766914133878814724769521",
                "92450965267007418890689887346631271524",
                "329811632476508564496024411318663214545",
                "299568405862922102570475932348181731312",
                "264614511285649832178596903540128344438",
                "46340605494512847284082442404175006016",
                "309131992411370574569411545613684937451",
                "164367953757794853375040534315005703831",
                "109353496393306513026402724915639571668",
                "292741186738175222945989572890595198705",
                "273887072230080492776600664855789797196",
                "217499827469868787390918562759360366106",
                "206631607936861148176152683792583540414",
                "9215005589086874238127528465192045872",
                "48946470407621253620265668279939057360",
                "226281239586364064174689753965528176572",
                "76138557264806226408971212506060975842",
                "108738845569145914554428448868404370912",
                "319886930788573221464176214368913833452",
                "325256266842550690035999292283050782515",
                "22841347425408513428440478259607062154",
                "332207499759898005231752703518887283155",
                "205141785124310132013260706214741267250",
                "295049174230442586298062023612142189354",
                "334364163097344122040257471397235689835",
                "312171834191759199606028242440405079102",
                "318099905131393159109456978381311706658",
                "71104779237821758496147088346564735158",
                "59307520116128166772912342142864877021",
                "160713827357312717692171399622938481470",
                "63495844153004811965406956631491894336",
                "272173166130257116832164541196879336597",
                "187235482605960127643657369111972084755",
                "141829831875575522457711610660319709130",
                "127677031575017430914722634915694518669",
                "225745141581164917659028906801507405422",
                "63573375634137264288191548523451835710"
            ]
        },
        "target": {
            "file": "wiretap/cosine.c"
        },
        "source": "https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2016-5356-4982eca5",
        "signature_type": "Line"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "164164664363376113915738465264645711083",
                "218190992994373923254597887909902822890",
                "52798886768876043936241770878048161212",
                "230595625262842088592325177626326546240",
                "92232844111643856777942192181886197556",
                "300999966298545824795824335284964317013",
                "337312807554302423209662444917214978838",
                "217874614340469416961280033056754294506",
                "257356729059182129612979137934200747797",
                "211113311778292275613276212856864405234",
                "111981555994965123831093323423374638923",
                "48221594476786706758829082408761812954",
                "189434367467641898187035474973285352436",
                "194354124797452814753365435508455672951",
                "330843763811906822994756843516961676778",
                "96617499703282383363265410014018722422",
                "303503679185838165061640986618462522020"
            ]
        },
        "target": {
            "file": "wiretap/cosine.c"
        },
        "source": "https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2016-5356-52b7ff22",
        "signature_type": "Line"
    },
    {
        "digest": {
            "function_hash": "141404835674435111223070324271700364626",
            "length": 437.0
        },
        "target": {
            "file": "wiretap/cosine.c",
            "function": "cosine_read"
        },
        "source": "https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2016-5356-76d36772",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "48806803265960432095061258474533884800",
            "length": 804.0
        },
        "target": {
            "file": "wiretap/cosine.c",
            "function": "parse_cosine_hex_dump"
        },
        "source": "https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2016-5356-7922711d",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "162427201729681649956150960756065302670",
            "length": 620.0
        },
        "target": {
            "file": "wiretap/cosine.c",
            "function": "cosine_seek_read"
        },
        "source": "https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2016-5356-877a7bee",
        "signature_type": "Function"
    },
    {
        "digest": {
            "function_hash": "234819697911434538364754517510413998386",
            "length": 3710.0
        },
        "target": {
            "file": "wiretap/cosine.c",
            "function": "parse_cosine_packet"
        },
        "source": "https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2016-5356-fca8ded0",
        "signature_type": "Function"
    }
]

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected