Published: 11/03/2014 Updated: 04/04/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x prior to 1.10.6 does not properly allocate memory, which allows remote malicious users to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark 1.10.0
wireshark wireshark 1.10.1
wireshark wireshark 1.10.2
wireshark wireshark 1.10.3
wireshark wireshark 1.10.4
wireshark wireshark 1.10.5

The dissect_protocol_data_parameter function in epan/dissectors/packet-m3uac in the M3UA dissector in Wireshark 110x before 1106 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet ...

CWE-119 http://anonsvn.wireshark.org/viewvc?view=revision&revision=51608 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699 http://www.wireshark.org/security/wnpa-sec-2014-02.html http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608&r2=51607&pathrev=51608 http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html http://secunia.com/advisories/57480 http://www.securitytracker.com/id/1029907 https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-2282

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-2282

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect