{"id":"CVE-2016-4085","details":"Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.","modified":"2026-07-08T05:48:11.592718143Z","published":"2016-04-25T10:59:10.380Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"8.0"},{"last_affected":"8.0"}],"source":"CPE_STRING","vendor_product":"debian:debian_linux"},{"source":"CPE_STRING","vendor_product":"oracle:solaris","cpes":["cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"11.3"},{"last_affected":"11.3"}]}]},"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1035685"},{"type":"WEB","url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=99efcb0f5aeeb4b2179e88c7a4233022aaeecf0b"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3585"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/87467"},{"type":"ADVISORY","url":"http://www.wireshark.org/security/wnpa-sec-2016-28.html"},{"type":"REPORT","url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wireshark/wireshark","events":[{"introduced":"4fab41a1f0e14e9124ea6a61e7bae42e95599495"},{"last_affected":"a16e22ed9cbbc599fe8b7b8e40a6696a0138c489"}],"database_specific":{"source":"CPE_STRING","cpe":["cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.7:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.9:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.10:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"1.12.0"},{"last_affected":"1.12.0"},{"introduced":"1.12.1"},{"last_affected":"1.12.1"},{"introduced":"1.12.2"},{"last_affected":"1.12.2"},{"introduced":"1.12.3"},{"last_affected":"1.12.3"},{"introduced":"1.12.4"},{"last_affected":"1.12.4"},{"introduced":"1.12.5"},{"last_affected":"1.12.5"},{"introduced":"1.12.6"},{"last_affected":"1.12.6"},{"introduced":"1.12.7"},{"last_affected":"1.12.7"},{"introduced":"1.12.8"},{"last_affected":"1.12.8"},{"introduced":"1.12.9"},{"last_affected":"1.12.9"},{"introduced":"1.12.10"},{"last_affected":"1.12.10"},{"introduced":"2.0.0"},{"last_affected":"2.0.0"},{"introduced":"2.0.1"},{"last_affected":"2.0.1"},{"introduced":"2.0.2"},{"last_affected":"2.0.2"}]}}],"versions":["1.12.0","1.12.1","1.12.10","1.12.2","1.12.3","1.12.4","1.12.5","1.12.6","1.12.7","1.12.8","1.12.9","2.0.0","2.0.1","2.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4085.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.com/wireshark/wireshark","events":[{"introduced":"4fab41a1f0e14e9124ea6a61e7bae42e95599495"},{"last_affected":"a16e22ed9cbbc599fe8b7b8e40a6696a0138c489"}],"database_specific":{"source":"CPE_STRING","cpe":["cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.1:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.2:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.3:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.4:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.5:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.6:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.7:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.8:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.9:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:1.12.10:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*","cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"1.12.0"},{"last_affected":"1.12.0"},{"introduced":"1.12.1"},{"last_affected":"1.12.1"},{"introduced":"1.12.2"},{"last_affected":"1.12.2"},{"introduced":"1.12.3"},{"last_affected":"1.12.3"},{"introduced":"1.12.4"},{"last_affected":"1.12.4"},{"introduced":"1.12.5"},{"last_affected":"1.12.5"},{"introduced":"1.12.6"},{"last_affected":"1.12.6"},{"introduced":"1.12.7"},{"last_affected":"1.12.7"},{"introduced":"1.12.8"},{"last_affected":"1.12.8"},{"introduced":"1.12.9"},{"last_affected":"1.12.9"},{"introduced":"1.12.10"},{"last_affected":"1.12.10"},{"introduced":"2.0.0"},{"last_affected":"2.0.0"},{"introduced":"2.0.1"},{"last_affected":"2.0.1"},{"introduced":"2.0.2"},{"last_affected":"2.0.2"}]}}],"versions":["1.12.0","1.12.1","1.12.10","1.12.2","1.12.3","1.12.4","1.12.5","1.12.6","1.12.7","1.12.8","1.12.9","2.0.0","2.0.1","2.0.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4085.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}