Lucene search
HistoryApr 24, 2014 - 10:55 a.m.
CVE-2014-2907
cve-2014-2907
wireshark
rtp
denial of service
application crash
srtp
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.2%
The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected configurations
Node
wiresharkwiresharkMatch1.10.0
ORwiresharkwiresharkMatch1.10.1
ORwiresharkwiresharkMatch1.10.2
ORwiresharkwiresharkMatch1.10.3
ORwiresharkwiresharkMatch1.10.4
ORwiresharkwiresharkMatch1.10.5
ORwiresharkwiresharkMatch1.10.6
Related
openvas
openvas
Fedora Update for wireshark FEDORA-2014-5514
2014-05-02 00:00:00
Fedora Update for wireshark FEDORA-2014-5514
2014-05-02 00:00:00
mageia
mageia
Updated wireshark package fixes CVE-2014-2907
2014-04-28 01:17:34
nessus
nessus
Fedora 20 : wireshark-1.10.7-1.fc20 (2014-5514)
2014-04-25 00:00:00
openSUSE Security Update : wireshark (openSUSE-SU-2014:0612-1)
2014-06-13 00:00:00
Wireshark 1.10.x < 1.10.7 DoS
2014-05-05 00:00:00
cvelist
cvelist
CVE-2014-2907
2014-04-24 10:00:00
debiancve
debiancve
CVE-2014-2907
2014-04-24 10:55:02
prion
prion
Design/Logic Flaw
2014-04-24 10:55:00
nvd
nvd
CVE-2014-2907
2014-04-24 10:55:02
ubuntucve
ubuntucve
CVE-2014-2907
2014-04-24 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: wireshark-1.10.7-1.fc20
2014-04-25 04:27:35
gentoo
gentoo
Wireshark: Multiple vulnerabilities
2014-06-29 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.2%
Related for CVE-2014-2907