Computer Security
[EN] securityvulns.ru no-pyccku


Wireshark multiple security vulnerabilities
Published:13.03.2014
Source:
SecurityVulns ID:13602
Type:remote
Threat Level:
5/10
Description:DoS in NFS and RLC dissectors, buffer overflow on MPEG parsing.
Affected:WIRESHARK : Wireshark 1.8
 WIRESHARK : Wireshark 1.10
CVE:CVE-2014-2299 (Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.)
 CVE-2014-2283 (epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.)
 CVE-2014-2281 (The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.)
Original documentdocumentMANDRIVA, [ MDVSA-2014:050 ] wireshark (13.03.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod