Lucene search

K

[email protected]NVD:CVE-2014-2282

HistoryMar 11, 2014 - 1:01 p.m.

CVE-2014-2282

2014-03-1113:01:10

CWE-119

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.9%

The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.

Affected configurations

NVD

Node

wiresharkwiresharkMatch1.10.0

OR

wiresharkwiresharkMatch1.10.1

OR

wiresharkwiresharkMatch1.10.2

OR

wiresharkwiresharkMatch1.10.3

OR

wiresharkwiresharkMatch1.10.4

OR

wiresharkwiresharkMatch1.10.5

References

anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608&r2=51607&pathrev=51608

anonsvn.wireshark.org/viewvc?view=revision&revision=51608

lists.opensuse.org/opensuse-updates/2014-03/msg00046.html

secunia.com/advisories/57480

www.securitytracker.com/id/1029907

www.wireshark.org/security/wnpa-sec-2014-02.html

blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10

bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.9%

Related for NVD:CVE-2014-2282

openvas9 debiancve1 prion1 cvelist1 seebug1 cve1 ubuntucve1 fedora2 nessus7 mageia1 gentoo1