Published: 11/03/2014 Updated: 12/08/2015

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x prior to 1.8.13 and 1.10.x prior to 1.10.6 does not validate a certain length value, which allows remote malicious users to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 1.8.3
wireshark wireshark 1.8.5
wireshark wireshark 1.8.0
wireshark wireshark 1.8.6
wireshark wireshark 1.8.7
wireshark wireshark 1.8.8
wireshark wireshark 1.8.9
wireshark wireshark 1.8.1
wireshark wireshark 1.8.10
wireshark wireshark 1.8.11
wireshark wireshark 1.8.12
wireshark wireshark 1.8.2
wireshark wireshark 1.8.4
wireshark wireshark 1.10.0
wireshark wireshark 1.10.2
wireshark wireshark 1.10.3
wireshark wireshark 1.10.4
wireshark wireshark 1.10.5
wireshark wireshark 1.10.1

Debian Bug report logs - #776135 wireshark: Multiple security issues in 1122 and prior versions Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: balint@balintreczeyhu Date: Sat, 24 Jan 2015 10:51:01 UTC Severity: ...

Debian Bug report logs - #780372 CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Th ...

Multiple vulnerabilities were discovered in Wireshark: CVE-2014-2281 Moshe Kaplan discovered that the NFS dissector could be crashed, resulting in denial of service CVE-2014-2283 It was discovered that the RLC dissector could be crashed, resulting in denial of service CVE-2014-2299 Wesley Neelen discovered a buffer overflow i ...

Two flaws were found in Wireshark If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark (CVE-2014-2281, CVE-2014-2299) Several denial of service flaws were found in Wireshark Wireshark could crash or stop responding if it read a malfor ...

The nfs_name_snoop_add_name function in epan/dissectors/packet-nfsc in the NFS dissector in Wireshark 18x before 1813 and 110x before 1106 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet ...

CWE-20 http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&r2=54874&pathrev=54875 http://anonsvn.wireshark.org/viewvc?view=revision&revision=54875 http://www.wireshark.org/security/wnpa-sec-2014-01.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672 http://www.debian.org/security/2014/dsa-2871 http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html http://secunia.com/advisories/57480 http://secunia.com/advisories/57489 http://rhn.redhat.com/errata/RHSA-2014-0342.html http://rhn.redhat.com/errata/RHSA-2014-0341.html https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10 http://www.securitytracker.com/id/1029907 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776135 https://access.redhat.com/security/cve/cve-2014-2281 https://www.debian.org/security/./dsa-2871

CVE-2014-2281

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect