GIOP capture

vendor:

Wireshark

by:

Exploit Database

7,8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Wireshark

Affected Version From: 2.0.3

Affected Version To: 2.0.3

Patch Exists: YES

Related CWE: CVE-2016-7255

CPE: a:wireshark:wireshark

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 8.1

2016

A buffer overflow vulnerability exists in GIOP capture version 2.0.3. A specially crafted packet can cause a buffer overflow, resulting in a denial of service or potentially allowing arbitrary code execution.

Mitigation:

Upgrade to the latest version of GIOP capture.

Source

Exploit-DB raw data:

GIOP capture

Build Information:
Version 2.0.3 (v2.0.3-0-geed34f0 from master-2.0)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 8.1, build 9600, with locale C, without WinPcap, with
GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap.
       Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz (with SSE4.2), with 16334MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 40629


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40196.zip