CVE-2014-6421

2014-09-2010:55:06

[email protected]

web.nvd.nist.gov

cve-2014-6421

sdp dissector

wireshark

vulnerability

denial of service

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.7%

JSON

Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.

Affected configurations

NVD

Node

wiresharkwiresharkMatch1.10.0

wiresharkwiresharkMatch1.10.1

wiresharkwiresharkMatch1.10.2

wiresharkwiresharkMatch1.10.3

wiresharkwiresharkMatch1.10.4

wiresharkwiresharkMatch1.10.5

wiresharkwiresharkMatch1.10.6

wiresharkwiresharkMatch1.10.7

wiresharkwiresharkMatch1.10.8

wiresharkwiresharkMatch1.10.9

CPENameOperatorVersion
wireshark:wiresharkwiresharkeq1.10.0
wireshark:wiresharkwiresharkeq1.10.1
wireshark:wiresharkwiresharkeq1.10.2
wireshark:wiresharkwiresharkeq1.10.3
wireshark:wiresharkwiresharkeq1.10.4
wireshark:wiresharkwiresharkeq1.10.5
wireshark:wiresharkwiresharkeq1.10.6
wireshark:wiresharkwiresharkeq1.10.7
wireshark:wiresharkwiresharkeq1.10.8
wireshark:wiresharkwiresharkeq1.10.9

CPE	Name	Operator	Version
wireshark:wireshark	wireshark	eq	1.10.0
wireshark:wireshark	wireshark	eq	1.10.1
wireshark:wireshark	wireshark	eq	1.10.2
wireshark:wireshark	wireshark	eq	1.10.3
wireshark:wireshark	wireshark	eq	1.10.4
wireshark:wireshark	wireshark	eq	1.10.5
wireshark:wireshark	wireshark	eq	1.10.6
wireshark:wireshark	wireshark	eq	1.10.7
wireshark:wireshark	wireshark	eq	1.10.8
wireshark:wireshark	wireshark	eq	1.10.9