Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-6424

The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.

Related bugs and status

CVE-2014-6424 (Candidate) is related to these bugs:

Bug #1567407: [SRU] Update to bugfix release 1.10.14 in Trusty

Summary				In	Importance	Status
	1567407	[SRU] Update to bugfix release 1.10.14 in Trusty		wireshark (Ubuntu)	Undecided	Expired

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.wireshark.o...
CONFIRM: https://bugs.wireshark...
CONFIRM: https://code.wireshark...
SUSE: SUSE-SU-2014:1221
SUSE: openSUSE-SU-2014:1249
DEBIAN: DSA-3049
SECUNIA: 60578
SECUNIA: 60280
CONFIRM: http://linux.oracle.co...
SECUNIA: 61929
REDHAT: RHSA-2014:1676