Wireshark ASN.1 BER Dissector CVE-2014-5165 Denial of Service Vulnerability
BID:69000
Info
| Bugtraq ID: | 69000 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2014-5165 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 01 2014 12:00AM |
| Updated: | Apr 13 2015 10:25PM |
| Credit: | Buildbot Builder |
| Vulnerable: | Wireshark Wireshark 1.10.8; Wireshark Wireshark 1.10.7; Wireshark Wireshark 1.10.6; Wireshark Wireshark 1.10.5; Wireshark Wireshark 1.10.4; Wireshark Wireshark 1.10.3; Wireshark Wireshark 1.10.2; Wireshark Wireshark 1.10.1; Wireshark Wireshark 1.10; Mandriva Business Server 1 X86 64; Mandriva Business Server 1; Gentoo Linux; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | Wireshark Wireshark 1.10.9 |
Discussion
Wireshark is prone to a denial-of-service vulnerability in its ASN.1 BER dissector.
An attacker can leverage this issue to crash the affected application, denying service to legitimate users.
Wireshark versions 1.10.0 through 1.10.8 are vulnerable.
Exploit / POC
A sample packet trace file is available in the Wireshark bug report. Please see the references for more information.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Mandriva Business Server 1 X86 64
- Mandriva dumpcap-1.10.9-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64wireshark-devel-1.10.9-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64wireshark3-1.10.9-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64wiretap3-1.10.9-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64wsutil3-1.10.9-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva rawshark-1.10.9-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva tshark-1.10.9-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva wireshark-1.10.9-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva wireshark-tools-1.10.9-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
References
References:
- Wireshark Homepage (Wireshark)
- wnpa-sec-2014-11 · ASN.1 BER dissector crash (wireshark)