CVE-2016-5356

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-5356
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5356.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-5356
Downstream
Related
Published
2016-08-07T16:59:10Z
Modified
2025-10-07T22:55:43.974380Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://github.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a66628e425db725df1ac52a3c573a03357060ddd
Fixed
f5ec0afb766f19519ea9623152cca3bbe2229500
Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

Other

backups/ethereal@18706
ethereal-0-3-15
start

ethereal-0.*

ethereal-0.3.15

v1.*

v1.11.0
v1.11.0-rc1
v1.11.1
v1.11.1-rc1
v1.11.2
v1.11.2-rc1
v1.11.3
v1.11.3-rc1
v1.11.4-rc1
v1.99.0
v1.99.0-rc1
v1.99.1
v1.99.10rc0
v1.99.1rc0
v1.99.2
v1.99.2rc0
v1.99.3
v1.99.3rc0
v1.99.4
v1.99.4rc0
v1.99.5
v1.99.5rc0
v1.99.6
v1.99.6rc0
v1.99.7
v1.99.7rc0
v1.99.8
v1.99.8rc0
v1.99.9
v1.99.9rc0

v2.*

v2.1.0rc0

wireshark-1.*

wireshark-1.11.3
wireshark-1.99.0
wireshark-1.99.1
wireshark-1.99.2
wireshark-1.99.3
wireshark-1.99.4
wireshark-1.99.5
wireshark-1.99.6
wireshark-1.99.7
wireshark-1.99.8
wireshark-1.99.9

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "139569648133174936995680122850924426149",
                "length": 2859.0
            },
            "signature_type": "Function",
            "source": "https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500",
            "target": {
                "file": "wiretap/cosine.c",
                "function": "parse_cosine_rec_hdr"
            },
            "id": "CVE-2016-5356-0d0e9d89",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "digest": {
                "line_hashes": [
                    "71333923822682718027308170522297697116",
                    "148825741904739258044621541819718484529",
                    "258076794249418317877703304630380750277",
                    "301631587790100395817448942962281299575",
                    "259214332604082233685396186735349173871",
                    "336514937699450282869340146417706847316",
                    "237417998883945208484368833853712304021",
                    "169133747316324202002614374790615220865",
                    "51710834043792237729907852343981602393",
                    "338063757848004913697618673350519739340",
                    "283708670620639808617747627923471401057",
                    "317941198244658157104117708188402127886",
                    "337091706102247004722815530270869850595",
                    "297619019263805389752419967625948939761",
                    "181119350125597751575351299619626887728",
                    "152024026949585661293378260989567859541",
                    "60281315064754530619078856340098131796",
                    "239768735720645694243752556225576027493",
                    "81142515836288981121454149355211213945",
                    "141313813907425311873698091218738487165",
                    "301098176586959383548643099943166057319",
                    "271528530801346505842464360024129873089",
                    "77197104754355865602041160023941016146",
                    "281856074811471429548677955440458514158",
                    "15684530757511478212835472210233672700",
                    "252538957748358257149041746381260252186",
                    "227766434670231356870621853933774984288",
                    "102799019195563740730021370995209767132",
                    "229414221062285070380803237614218335726",
                    "118880341625886206813748083254635707018",
                    "289192048670625705456244812244948530345",
                    "77582077685452351292195854807762077896",
                    "328460811897439175775374225781754645407",
                    "42598608447562250460784992532146159510",
                    "70980633982689581448348762832786500630",
                    "259097281410863872747494658649385045429",
                    "312113404933227177706258261488420276928",
                    "157547284173881130323857632171801983952",
                    "54804721415805361157196124729944690735",
                    "77997723401573734414086558596934869371",
                    "151799025519759521333502869509812509867",
                    "93205087977497115982562983458840988439",
                    "71836857647894980268341033255272712597",
                    "197693468289958457159528040136517606406",
                    "26754213950114766914133878814724769521",
                    "92450965267007418890689887346631271524",
                    "329811632476508564496024411318663214545",
                    "299568405862922102570475932348181731312",
                    "264614511285649832178596903540128344438",
                    "46340605494512847284082442404175006016",
                    "309131992411370574569411545613684937451",
                    "164367953757794853375040534315005703831",
                    "109353496393306513026402724915639571668",
                    "292741186738175222945989572890595198705",
                    "273887072230080492776600664855789797196",
                    "217499827469868787390918562759360366106",
                    "206631607936861148176152683792583540414",
                    "9215005589086874238127528465192045872",
                    "48946470407621253620265668279939057360",
                    "226281239586364064174689753965528176572",
                    "76138557264806226408971212506060975842",
                    "108738845569145914554428448868404370912",
                    "319886930788573221464176214368913833452",
                    "325256266842550690035999292283050782515",
                    "22841347425408513428440478259607062154",
                    "332207499759898005231752703518887283155",
                    "205141785124310132013260706214741267250",
                    "295049174230442586298062023612142189354",
                    "334364163097344122040257471397235689835",
                    "312171834191759199606028242440405079102",
                    "318099905131393159109456978381311706658",
                    "71104779237821758496147088346564735158",
                    "59307520116128166772912342142864877021",
                    "160713827357312717692171399622938481470",
                    "63495844153004811965406956631491894336",
                    "272173166130257116832164541196879336597",
                    "187235482605960127643657369111972084755",
                    "141829831875575522457711610660319709130",
                    "127677031575017430914722634915694518669",
                    "225745141581164917659028906801507405422",
                    "63573375634137264288191548523451835710"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "source": "https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500",
            "target": {
                "file": "wiretap/cosine.c"
            },
            "id": "CVE-2016-5356-4982eca5",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "141404835674435111223070324271700364626",
                "length": 437.0
            },
            "signature_type": "Function",
            "source": "https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500",
            "target": {
                "file": "wiretap/cosine.c",
                "function": "cosine_read"
            },
            "id": "CVE-2016-5356-76d36772",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "48806803265960432095061258474533884800",
                "length": 804.0
            },
            "signature_type": "Function",
            "source": "https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500",
            "target": {
                "file": "wiretap/cosine.c",
                "function": "parse_cosine_hex_dump"
            },
            "id": "CVE-2016-5356-7922711d",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "162427201729681649956150960756065302670",
                "length": 620.0
            },
            "signature_type": "Function",
            "source": "https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500",
            "target": {
                "file": "wiretap/cosine.c",
                "function": "cosine_seek_read"
            },
            "id": "CVE-2016-5356-877a7bee",
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}