Summary
This host is installed with Wireshark
and is prone to denial of service vulnerability.
Impact
Successful exploitation will allow
attacker to cause denial of service attack.
Impact Level: Application
Solution
Upgrade to version 1.12.1, 1.10.10 or later,
For updates refer to https://www.wireshark.org
Insight
Multiple flaws are due to,
- SnifferDecompress function does not prevent data overwrites, validate bitmask data, and does not properly handle empty input data.
- Improper initialization of certain ID value in the dissect_spdu function under SES dissector.
- Off-by-one error in the is_rtsp_request_or_reply function under the RTSP dissector.
- The dissect_v9_v10_pdu_data function under Netflow dissector refers incorrect offset and start variables.
- An error in tvb_raw_text_add function in MEGACO dissector
Affected
Wireshark version 1.10.x
before 1.10.10 and 1.12.x before 1.12.1 on Mac OS X
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-6423, CVE-2014-6424, CVE-2014-6427, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities