Multiple vulnerabilities in Wireshark
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2014-6423 CVE-2014-6424 CVE-2014-6425 CVE-2014-6426 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 |
| CWE-ID | CWE-399 CWE-119 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Wireshark.org |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU41294
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6423
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.0
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
http://linux.oracle.com/errata/ELSA-2014-1676
http://linux.oracle.com/errata/ELSA-2014-1677
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://rhn.redhat.com/errata/RHSA-2014-1677.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/60578
http://secunia.com/advisories/61929
http://secunia.com/advisories/61933
http://www.debian.org/security/2014/dsa-3049
http://www.wireshark.org/security/wnpa-sec-2014-13.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10333
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9112a099d7cc2cd924b7c667bf27f6e112b970c6
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU41295
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6424
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.0
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
http://linux.oracle.com/errata/ELSA-2014-1676
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/60578
http://secunia.com/advisories/61929
http://www.debian.org/security/2014/dsa-3049
http://www.wireshark.org/security/wnpa-sec-2014-14.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10370
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=44698259b1f5865c60323acaf2a633654a2abe81
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU41296
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6425
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '�' character.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.12.0
CPE2.3 External linkshttp://linux.oracle.com/errata/ELSA-2014-1676
http://linux.oracle.com/errata/ELSA-2014-1677
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://rhn.redhat.com/errata/RHSA-2014-1677.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/61929
http://secunia.com/advisories/61933
http://www.wireshark.org/security/wnpa-sec-2014-15.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10353
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c10396dbbf782a576bc1f9a931cf86090cec3878
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU41297
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6426
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.12.0
CPE2.3 External linkshttp://linux.oracle.com/errata/ELSA-2014-1676
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/61929
http://www.wireshark.org/security/wnpa-sec-2014-16.html
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d9e5021fe79973d00ddd8fcef0bbefbaae63dd0f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU41298
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6427
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.0
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
http://linux.oracle.com/errata/ELSA-2014-1676
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/60578
http://secunia.com/advisories/61929
http://www.debian.org/security/2014/dsa-3049
http://www.wireshark.org/security/wnpa-sec-2014-17.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10381
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73959159dbf34b4a0b50fbd19e05cb1b470be9b0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU41299
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6428
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.0
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
http://linux.oracle.com/errata/ELSA-2014-1676
http://linux.oracle.com/errata/ELSA-2014-1677
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://rhn.redhat.com/errata/RHSA-2014-1677.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/60578
http://secunia.com/advisories/61929
http://secunia.com/advisories/61933
http://www.debian.org/security/2014/dsa-3049
http://www.wireshark.org/security/wnpa-sec-2014-18.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10454
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=433a444d148f86f2562f804d25a57d00dc277cc0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU41300
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6429
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.0
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
http://linux.oracle.com/errata/ELSA-2014-1676
http://linux.oracle.com/errata/ELSA-2014-1677
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://rhn.redhat.com/errata/RHSA-2014-1677.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/60578
http://secunia.com/advisories/61929
http://secunia.com/advisories/61933
http://www.debian.org/security/2014/dsa-3049
http://www.wireshark.org/security/wnpa-sec-2014-19.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU41301
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6430
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.0
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
http://linux.oracle.com/errata/ELSA-2014-1676
http://linux.oracle.com/errata/ELSA-2014-1677
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://rhn.redhat.com/errata/RHSA-2014-1677.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/60578
http://secunia.com/advisories/61929
http://secunia.com/advisories/61933
http://www.debian.org/security/2014/dsa-3049
http://www.wireshark.org/security/wnpa-sec-2014-19.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU41302
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6431
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.0
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
http://linux.oracle.com/errata/ELSA-2014-1676
http://linux.oracle.com/errata/ELSA-2014-1677
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://rhn.redhat.com/errata/RHSA-2014-1677.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/60578
http://secunia.com/advisories/61929
http://secunia.com/advisories/61933
http://www.debian.org/security/2014/dsa-3049
http://www.wireshark.org/security/wnpa-sec-2014-19.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource management error
EUVDB-ID: #VU41303
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-6432
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.0
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
http://linux.oracle.com/errata/ELSA-2014-1676
http://linux.oracle.com/errata/ELSA-2014-1677
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://rhn.redhat.com/errata/RHSA-2014-1677.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/60578
http://secunia.com/advisories/61929
http://secunia.com/advisories/61933
http://www.debian.org/security/2014/dsa-3049
http://www.wireshark.org/security/wnpa-sec-2014-19.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
