CVE-2014-6431

2014-09-2010:55:06

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-6431

buffer overflow

snifferdecompress

wireshark

nvd

dos

remote attackers

denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.

Affected configurations

NVD

Node

wiresharkwiresharkMatch1.10.0

wiresharkwiresharkMatch1.10.1

wiresharkwiresharkMatch1.10.2

wiresharkwiresharkMatch1.10.3

wiresharkwiresharkMatch1.10.4

wiresharkwiresharkMatch1.10.5

wiresharkwiresharkMatch1.10.6

wiresharkwiresharkMatch1.10.7

wiresharkwiresharkMatch1.10.8

wiresharkwiresharkMatch1.10.9

wiresharkwiresharkMatch1.12.0

CPENameOperatorVersion
wireshark:wiresharkwiresharkeq1.10.0
wireshark:wiresharkwiresharkeq1.10.1
wireshark:wiresharkwiresharkeq1.10.2
wireshark:wiresharkwiresharkeq1.10.3
wireshark:wiresharkwiresharkeq1.10.4
wireshark:wiresharkwiresharkeq1.10.5
wireshark:wiresharkwiresharkeq1.10.6
wireshark:wiresharkwiresharkeq1.10.7
wireshark:wiresharkwiresharkeq1.10.8
wireshark:wiresharkwiresharkeq1.10.9

CPE	Name	Operator	Version
wireshark:wireshark	wireshark	eq	1.10.0
wireshark:wireshark	wireshark	eq	1.10.1
wireshark:wireshark	wireshark	eq	1.10.2
wireshark:wireshark	wireshark	eq	1.10.3
wireshark:wireshark	wireshark	eq	1.10.4
wireshark:wireshark	wireshark	eq	1.10.5
wireshark:wireshark	wireshark	eq	1.10.6
wireshark:wireshark	wireshark	eq	1.10.7
wireshark:wireshark	wireshark	eq	1.10.8
wireshark:wireshark	wireshark	eq	1.10.9