CVE-2014-6421 | Vulnerability Database | Aqua Security

Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	1.10.0 (including)	1.10.0 (including)
Wireshark	Wireshark	1.10.1 (including)	1.10.1 (including)
Wireshark	Wireshark	1.10.2 (including)	1.10.2 (including)
Wireshark	Wireshark	1.10.3 (including)	1.10.3 (including)
Wireshark	Wireshark	1.10.4 (including)	1.10.4 (including)
Wireshark	Wireshark	1.10.5 (including)	1.10.5 (including)
Wireshark	Wireshark	1.10.6 (including)	1.10.6 (including)
Wireshark	Wireshark	1.10.7 (including)	1.10.7 (including)
Wireshark	Wireshark	1.10.8 (including)	1.10.8 (including)
Wireshark	Wireshark	1.10.9 (including)	1.10.9 (including)

References

http://linux.oracle.com/errata/ELSA-2014-1676
http://linux.oracle.com/errata/ELSA-2014-1677
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://rhn.redhat.com/errata/RHSA-2014-1677.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/61929
http://secunia.com/advisories/61933
http://www.wireshark.org/security/wnpa-sec-2014-12.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9920
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=04c05a21e34cec326f1aff2f5f8a6e74e1ced984

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-6421
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html