Professional OVAL Repository
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:29246
Version
6
Class
patch
ALTXid
177746
Language
English
Severity
Medium
Title
openSUSE-SU-2014:1249-1 -- wireshark: update to 1.10.10 security release
Description
Wireshark was updated to 1.10.10 [bnc#897055].
On openSUSE 12.3, the package was upgraded to 1.10.x from 1.8.x as it was discontinued.
Family
unix
Platform
openSUSE 12.3
openSUSE 13.1
Product
wireshark
Reference
VENDOR: openSUSE-SU-2014:1249-1
Id:
openSUSE-SU-2014:1249-1
Reference:
https://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
CVE: CVE-2014-5161
Id:
CVE-2014-5161
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161
Comment:
The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.wireshark.org/security/wnpa-sec-2014-08.html (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
DSA-3002 (DEBIAN)
SUSE-SU-2014:1221 (SUSE)
openSUSE-SU-2014:1038 (SUSE)
57593 (SECUNIA)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=16f8ba1bed579344df373bf38fff552ab8baf380 ()
CVE: CVE-2014-5162
Id:
CVE-2014-5162
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162
Comment:
The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.wireshark.org/security/wnpa-sec-2014-08.html (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
DSA-3002 (DEBIAN)
SUSE-SU-2014:1221 (SUSE)
openSUSE-SU-2014:1038 (SUSE)
57593 (SECUNIA)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=16f8ba1bed579344df373bf38fff552ab8baf380 ()
CVE: CVE-2014-5163
Id:
CVE-2014-5163
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163
Comment:
The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.wireshark.org/security/wnpa-sec-2014-09.html (CONFIRM)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10216 (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
DSA-3002 (DEBIAN)
SUSE-SU-2014:1221 (SUSE)
openSUSE-SU-2014:1038 (SUSE)
57593 (SECUNIA)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=3fc441e7a5008640c68ec985e669d5092414a519 ()
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=dd7134d907350ccc574cdec596f4162860912bb9 ()
CVE: CVE-2014-5164
Id:
CVE-2014-5164
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164
Comment:
The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9795 (CONFIRM)
http://www.wireshark.org/security/wnpa-sec-2014-10.html (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
DSA-3002 (DEBIAN)
SUSE-SU-2014:1221 (SUSE)
openSUSE-SU-2014:1038 (SUSE)
57593 (SECUNIA)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=ba6eb5c72ffe82ca0e51c7083240975a5b118ad2 ()
CVE: CVE-2014-5165
Id:
CVE-2014-5165
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165
Comment:
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.wireshark.org/security/wnpa-sec-2014-11.html (CONFIRM)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10187 (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
DSA-3002 (DEBIAN)
SUSE-SU-2014:1221 (SUSE)
openSUSE-SU-2014:1038 (SUSE)
57593 (SECUNIA)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=17a552666b50896a9b9dde8ee6a1052e7f9a622e ()
CVE: CVE-2014-6421
Id:
CVE-2014-6421
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421
Comment:
Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9920 (CONFIRM)
http://www.wireshark.org/security/wnpa-sec-2014-12.html (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
SUSE-SU-2014:1221 (SUSE)
60280 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-1676 (CONFIRM)
http://linux.oracle.com/errata/ELSA-2014-1677 (CONFIRM)
61929 (SECUNIA)
61933 (SECUNIA)
RHSA-2014:1677 (REDHAT)
RHSA-2014:1676 (REDHAT)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=04c05a21e34cec326f1aff2f5f8a6e74e1ced984 ()
CVE: CVE-2014-6422
Id:
CVE-2014-6422
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422
Comment:
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.wireshark.org/security/wnpa-sec-2014-12.html (CONFIRM)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9920 (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
SUSE-SU-2014:1221 (SUSE)
60578 (SECUNIA)
DSA-3049 (DEBIAN)
60280 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-1676 (CONFIRM)
http://linux.oracle.com/errata/ELSA-2014-1677 (CONFIRM)
61929 (SECUNIA)
61933 (SECUNIA)
RHSA-2014:1677 (REDHAT)
RHSA-2014:1676 (REDHAT)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=04c05a21e34cec326f1aff2f5f8a6e74e1ced984 ()
CVE: CVE-2014-6423
Id:
CVE-2014-6423
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423
Comment:
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
399 (Resource Management Errors)
References:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10333 (CONFIRM)
http://www.wireshark.org/security/wnpa-sec-2014-13.html (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
SUSE-SU-2014:1221 (SUSE)
60578 (SECUNIA)
DSA-3049 (DEBIAN)
60280 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-1676 (CONFIRM)
http://linux.oracle.com/errata/ELSA-2014-1677 (CONFIRM)
61929 (SECUNIA)
61933 (SECUNIA)
RHSA-2014:1677 (REDHAT)
RHSA-2014:1676 (REDHAT)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9112a099d7cc2cd924b7c667bf27f6e112b970c6 ()
CVE: CVE-2014-6424
Id:
CVE-2014-6424
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424
Comment:
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.wireshark.org/security/wnpa-sec-2014-14.html (CONFIRM)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10370 (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
SUSE-SU-2014:1221 (SUSE)
60578 (SECUNIA)
DSA-3049 (DEBIAN)
60280 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-1676 (CONFIRM)
61929 (SECUNIA)
RHSA-2014:1676 (REDHAT)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=44698259b1f5865c60323acaf2a633654a2abe81 ()
CVE: CVE-2014-6427
Id:
CVE-2014-6427
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427
Comment:
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10381 (CONFIRM)
http://www.wireshark.org/security/wnpa-sec-2014-17.html (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
SUSE-SU-2014:1221 (SUSE)
60578 (SECUNIA)
DSA-3049 (DEBIAN)
60280 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-1676 (CONFIRM)
61929 (SECUNIA)
RHSA-2014:1676 (REDHAT)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=73959159dbf34b4a0b50fbd19e05cb1b470be9b0 ()
CVE: CVE-2014-6428
Id:
CVE-2014-6428
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428
Comment:
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.wireshark.org/security/wnpa-sec-2014-18.html (CONFIRM)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10454 (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
SUSE-SU-2014:1221 (SUSE)
60578 (SECUNIA)
DSA-3049 (DEBIAN)
60280 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-1676 (CONFIRM)
http://linux.oracle.com/errata/ELSA-2014-1677 (CONFIRM)
61929 (SECUNIA)
61933 (SECUNIA)
RHSA-2014:1677 (REDHAT)
RHSA-2014:1676 (REDHAT)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=433a444d148f86f2562f804d25a57d00dc277cc0 ()
CVE: CVE-2014-6429
Id:
CVE-2014-6429
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429
Comment:
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
20 (Improper Input Validation)
References:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461 (CONFIRM)
http://www.wireshark.org/security/wnpa-sec-2014-19.html (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
SUSE-SU-2014:1221 (SUSE)
60578 (SECUNIA)
DSA-3049 (DEBIAN)
60280 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-1676 (CONFIRM)
http://linux.oracle.com/errata/ELSA-2014-1677 (CONFIRM)
61929 (SECUNIA)
61933 (SECUNIA)
RHSA-2014:1677 (REDHAT)
RHSA-2014:1676 (REDHAT)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=47c592938ba9f0caeacc4c2ccadb370e72f293a2 ()
CVE: CVE-2014-6430
Id:
CVE-2014-6430
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430
Comment:
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
20 (Improper Input Validation)
References:
http://www.wireshark.org/security/wnpa-sec-2014-19.html (CONFIRM)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461 (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
SUSE-SU-2014:1221 (SUSE)
60578 (SECUNIA)
DSA-3049 (DEBIAN)
60280 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-1676 (CONFIRM)
http://linux.oracle.com/errata/ELSA-2014-1677 (CONFIRM)
61929 (SECUNIA)
61933 (SECUNIA)
RHSA-2014:1677 (REDHAT)
RHSA-2014:1676 (REDHAT)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=47c592938ba9f0caeacc4c2ccadb370e72f293a2 ()
CVE: CVE-2014-6431
Id:
CVE-2014-6431
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431
Comment:
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.wireshark.org/security/wnpa-sec-2014-19.html (CONFIRM)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461 (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
SUSE-SU-2014:1221 (SUSE)
60578 (SECUNIA)
DSA-3049 (DEBIAN)
60280 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-1676 (CONFIRM)
http://linux.oracle.com/errata/ELSA-2014-1677 (CONFIRM)
61929 (SECUNIA)
61933 (SECUNIA)
RHSA-2014:1677 (REDHAT)
RHSA-2014:1676 (REDHAT)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=47c592938ba9f0caeacc4c2ccadb370e72f293a2 ()
CVE: CVE-2014-6432
Id:
CVE-2014-6432
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432
Comment:
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
399 (Resource Management Errors)
References:
http://www.wireshark.org/security/wnpa-sec-2014-19.html (CONFIRM)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461 (CONFIRM)
openSUSE-SU-2014:1249 (SUSE)
SUSE-SU-2014:1221 (SUSE)
60578 (SECUNIA)
DSA-3049 (DEBIAN)
60280 (SECUNIA)
http://linux.oracle.com/errata/ELSA-2014-1676 (CONFIRM)
http://linux.oracle.com/errata/ELSA-2014-1677 (CONFIRM)
61929 (SECUNIA)
61933 (SECUNIA)
RHSA-2014:1677 (REDHAT)
RHSA-2014:1676 (REDHAT)
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=47c592938ba9f0caeacc4c2ccadb370e72f293a2 ()