vulnerability

Wireshark : CVE-2016-4078 : IEEE 802.11 dissector crash

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Apr 25, 2016

Added

Oct 4, 2017

Modified

Mar 30, 2026

Description

The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.

Solution

wireshark-upgrade-2_0_3

References

CVE-2016-4078
https://attackerkb.com/topics/CVE-2016-4078
CWE-20
EUVD-EUVD-2016-5079
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-5079
https://www.wireshark.org/security/wnpa-sec-2016-21.html

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report