Computer Security

wireshark multiple security vulnerabilities
Published: 24.11.2014
Source:
SecurityVulns ID: 14095
Type: remote
Threat Level: 5/10
Description: Buffer overflow and DoS conditions in the parsing of different protocols.
Affected: WIRESHARK : Wireshark 1.10
CVE: CVE-2014-8769 (tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.)
 CVE-2014-8768 (Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.)
 CVE-2014-8767 (Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.)
 CVE-2014-8714 (The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
 CVE-2014-8713 (Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2014-8712 (The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2014-8711 (Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.)
 CVE-2014-8710 (The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.)
Original document: mail_(at)_steffenbauch.de, CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload (24.11.2014)
 mail_(at)_steffenbauch.de, CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload (24.11.2014)
 mail_(at)_steffenbauch.de, CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload (24.11.2014)
 MANDRIVA, [ MDVSA-2014:223 ] wireshark (24.11.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod