MiracleLinux 4 : wireshark-1.8.10-8.AXS4 (AXSA:2014-616:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-616:03 advisory. Description : Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and...

EUVD-2014-2930

Malware in sbrugna...

K16939: Multiple Wireshark vulnerabilities

Security Advisory Description Description CVE-2014-6421 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service application crash via a crafted packet that leverages split memory ownership between the SDP and RTP...

SUSE CVE-2014-2907

The srtpaddaddress function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service application crash via a crafted packet...

SUSE CVE-2014-6421

Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service application crash via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors...

Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark11)

The remote Solaris system is missing necessary patches to address security updates : - Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service application crash via a crafted packet that leverages split memory...

MGASA-2014-0386 Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: RTP dissector crash CVE-2014-6421, CVE-2014-6422. MEGACO dissector infinite loop CVE-2014-6423. Netflow dissector crash CVE-2014-6424. RTSP dissector crash CVE-2014-6427. SES dissector crash CVE-2014-6428. Sniffer file parser crash...

Updated wireshark packages fix security vulnerabilities

Updated wireshark packages fix security vulnerabilities: RTP dissector crash CVE-2014-6421, CVE-2014-6422. MEGACO dissector infinite loop CVE-2014-6423. Netflow dissector crash CVE-2014-6424. RTSP dissector crash CVE-2014-6427. SES dissector crash CVE-2014-6428. Sniffer file parser crash...

Wireshark Denial of Service Vulnerability-03 (Sep 2014) - Mac OS X

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

Wireshark Denial of Service Vulnerability-03 (Sep 2014) - Windows

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

CVE-2014-6422

The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service application crash via a crafted packet to the RTP dissector...

Code injection

The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service application crash via a crafted packet to the RTP dissector...

CVE-2014-6422

The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service application crash via a crafted packet to the RTP dissector...

CVE-2014-6422

The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service application crash via a crafted packet to the RTP dissector...

CVE-2014-6422

The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service application crash via a crafted packet to the RTP dissector...

openSUSE Security Update : wireshark (openSUSE-SU-2014:0612-1)

This wireshark update to version 1.10.7 fixes the following security issue : - bnc874760: Fixed RTP dissector vulnerabilities CVE-2014-2907. - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.7 .html %NASLMINLEVEL 70300 C Tenable...

Wireshark 1.10.x < 1.10.7 DoS

The installed version of Wireshark 1.10.x is a version prior to 1.10.7. It is, therefore, affected by a denial of service vulnerability. A flaw exists with the RTP dissector when handling a malformed packet that could allow a remote attacker to crash Wireshark. Note that Nessus has not tested for...

Updated wireshark package fixes CVE-2014-2907

Updated wireshark packages fix security vulnerabilities: The RTP dissector could crash CVE-2014-2907. This update provides Wireshark version 1.10.7, which fixes this security issue, as well as several other bugs...

Design/Logic Flaw

The srtpaddaddress function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service application crash via a crafted packet...