Summary
This host is installed with Wireshark
and is prone to denial of service vulnerability.
Impact
Successful exploitation will allow
attacker to cause denial of service attack.
Impact Level: Application
Solution
Upgrade to version 1.12.1, 1.10.10 or later,
For updates refer to https://www.wireshark.org
Insight
Multiple flaws are due to,
- SnifferDecompress function does not prevent data overwrites, validate bitmask data, and does not properly handle empty input data.
- Improper initialization of certain ID value in the dissect_spdu function under SES dissector.
- Off-by-one error in the is_rtsp_request_or_reply function under the RTSP dissector.
- The dissect_v9_v10_pdu_data function under Netflow dissector refers incorrect offset and start variables.
- An error in tvb_raw_text_add function in MEGACO dissector
Affected
Wireshark version 1.10.x
before 1.10.10 and 1.12.x before 1.12.1 on Windows
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-6423, CVE-2014-6424, CVE-2014-6427, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability
- FreeRADIUS Tunnel-Password Denial Of Service Vulnerability
- Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)
- ejabberd XML Parsing Denial of Service Vulnerability (Windows)
- Apple Safari WebKit Property Memory Leak Remote DoS Vulnerability