CVE-2016-4077

Name of the Vulnerable Software and Affected Versions Wireshark versions 2.0.x through 2.0.2 Wireshark versions prior to 2.0.3

Description The issue relies on incorrect special-case handling of truncated Tvb data structures in epan/reassemble.c in TShark in Wireshark, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.

Recommendations For Wireshark versions 2.0.x through 2.0.2, update to version 2.0.3 or later to resolve the issue. For Wireshark versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of TShark until a patch is available.