Multiple vulnerabilities in Wireshark
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2014-8713 CVE-2014-8714 CVE-2014-8712 CVE-2014-8711 CVE-2014-8710 |
| CWE-ID | CWE-121 CWE-399 CWE-20 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Wireshark.org |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU41083
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-8713
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector when processing a crafted packet. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html
https://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html
https://rhn.redhat.com/errata/RHSA-2015-1460.html
https://secunia.com/advisories/60231
https://secunia.com/advisories/60290
https://www.debian.org/security/2014/dsa-3076
https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://www.securityfocus.com/bid/71073
https://www.wireshark.org/security/wnpa-sec-2014-22.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10552
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b9988e2bbfc7c6c41ef82c559bd11a8c19170491
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU41084
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-8714
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.10:*:*:*:*:*:*:*
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html
https://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html
https://rhn.redhat.com/errata/RHSA-2015-1460.html
https://secunia.com/advisories/60231
https://secunia.com/advisories/60290
https://www.debian.org/security/2014/dsa-3076
https://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://www.securityfocus.com/bid/71072
https://www.wireshark.org/security/wnpa-sec-2014-23.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10596
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1463db37d9bbc9cd532afdf2817caaf8eb367831
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bc2726578156f3608960fc65ce1f691639e6addc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU41085
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-8712
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html
https://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html
https://rhn.redhat.com/errata/RHSA-2015-1460.html
https://secunia.com/advisories/60231
https://secunia.com/advisories/60290
https://www.debian.org/security/2014/dsa-3076
https://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://www.securityfocus.com/bid/71071
https://www.wireshark.org/security/wnpa-sec-2014-22.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10628
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=41f6923b3049dfb57bef544a4c580f256f807e85
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU41086
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-8711
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.1:*:*:*:*:*:*:*
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html
https://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html
https://rhn.redhat.com/errata/RHSA-2015-1460.html
https://secunia.com/advisories/60231
https://secunia.com/advisories/60290
https://www.debian.org/security/2014/dsa-3076
https://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://www.securityfocus.com/bid/71070
https://www.wireshark.org/security/wnpa-sec-2014-21.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10582
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8def8ef9c40189472a46d9b1ad95289780e09af5
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8f62bb7cce5a82baa543b14800fd7c12548b497a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU41087
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-8710
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11. A remote attacker can perform a denial of service (buffer over-read and application crash) via a crafted packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.10.0 - 1.12.1
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.12.1:*:*:*:*:*:*:*
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html
https://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html
https://rhn.redhat.com/errata/RHSA-2015-1460.html
https://secunia.com/advisories/60231
https://secunia.com/advisories/60290
https://www.debian.org/security/2014/dsa-3076
https://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://www.securityfocus.com/bid/71069
https://www.wireshark.org/security/wnpa-sec-2014-20.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10662
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2bd15c7cefcf87aa6b2d9d53477f0ece897ba620
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
