Published: 19/12/2013 Updated: 19/04/2014

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x prior to 1.8.12 and 1.10.x prior to 1.10.4 allow remote malicious users to cause a denial of service (application crash) via a long domain name in a packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 1.10.2
wireshark wireshark 1.10.3
wireshark wireshark 1.8.5
wireshark wireshark 1.8.6
wireshark wireshark 1.8.0
wireshark wireshark 1.8.1
wireshark wireshark 1.8.7
wireshark wireshark 1.8.8
wireshark wireshark 1.10.0
wireshark wireshark 1.10.1
wireshark wireshark 1.8.3
wireshark wireshark 1.8.4
wireshark wireshark 1.8.10
wireshark wireshark 1.8.11
wireshark wireshark 1.8.2
wireshark wireshark 1.8.9

Debian Bug report logs - #776135 wireshark: Multiple security issues in 1122 and prior versions Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: balint@balintreczeyhu Date: Sat, 24 Jan 2015 10:51:01 UTC Severity: ...

Debian Bug report logs - #780372 CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Th ...

Two flaws were found in Wireshark If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark (CVE-2014-2281, CVE-2014-2299) Several denial of service flaws were found in Wireshark Wireshark could crash or stop responding if it read a malfor ...

Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmsspc in the NTLMSSP v2 dissector in Wireshark 18x before 1812 and 110x before 1104 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet ...

CWE-119 http://www.wireshark.org/security/wnpa-sec-2013-68.html http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ntlmssp.c?r1=53626&r2=53625&pathrev=53626 http://anonsvn.wireshark.org/viewvc?view=revision&revision=53626 http://www.debian.org/security/2013/dsa-2825 http://secunia.com/advisories/56052 http://lists.opensuse.org/opensuse-updates/2014-01/msg00014.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00007.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00011.html http://secunia.com/advisories/56285 http://secunia.com/advisories/56313 http://www.mandriva.com/security/advisories?name=MDVSA-2013:296 http://rhn.redhat.com/errata/RHSA-2014-0342.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776135 https://access.redhat.com/security/cve/cve-2013-7114 https://alas.aws.amazon.com/ALAS-2014-330.html

CVE-2013-7114

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect