Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-6429

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Related bugs and status

CVE-2014-6429 (Candidate) is related to these bugs:

Bug #1567407: [SRU] Update to bugfix release 1.10.14 in Trusty

Summary				In	Importance	Status
	1567407	[SRU] Update to bugfix release 1.10.14 in Trusty		wireshark (Ubuntu)	Undecided	Expired

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.wireshark.o...
CONFIRM: https://bugs.wireshark...
CONFIRM: https://code.wireshark...
SUSE: SUSE-SU-2014:1221
SUSE: openSUSE-SU-2014:1249
DEBIAN: DSA-3049
SECUNIA: 60578
SECUNIA: 60280
CONFIRM: http://linux.oracle.co...
CONFIRM: http://linux.oracle.co...
SECUNIA: 61929
SECUNIA: 61933
REDHAT: RHSA-2014:1676
REDHAT: RHSA-2014:1677