#VU41945 Buffer overflow in Wireshark - CVE-2014-2282

Cybersecurity Help s.r.o.

Published: 2014-03-11 | Updated: 2020-08-10

Vulnerability identifier: #VU41945

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2014-2282

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Wireshark
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Wireshark.org

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.10.0 - 1.10.5

External links
https://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608&r2=51607&pathrev=51608
https://anonsvn.wireshark.org/viewvc?view=revision&revision=51608
https://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html
https://secunia.com/advisories/57480
https://www.securitytracker.com/id/1029907
https://www.wireshark.org/security/wnpa-sec-2014-02.html
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Wireshark

Multiple vulnerabilities in Wireshark