CVE-2016-9373

Name of the Vulnerable Software and Affected Versions Wireshark versions 2.0.0 through 2.0.7 Wireshark versions 2.2.0 through 2.2.1

Description The issue is related to a crash with a use-after-free in the DCERPC dissector, which can be triggered by network traffic or a capture file. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Wireshark versions 2.0.0 through 2.0.7, update to a version where the wmem file scope is used for private strings in the DCERPC dissector. For Wireshark versions 2.2.0 through 2.2.1, update to a version where the wmem file scope is used for private strings in the DCERPC dissector. As a temporary workaround, consider restricting the use of the DCERPC dissector until a patch is available.