CVE-2014-6432 | Vulnerability Database | Aqua Security

The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	1.10.0 (including)	1.10.0 (including)
Wireshark	Wireshark	1.10.1 (including)	1.10.1 (including)
Wireshark	Wireshark	1.10.2 (including)	1.10.2 (including)
Wireshark	Wireshark	1.10.3 (including)	1.10.3 (including)
Wireshark	Wireshark	1.10.4 (including)	1.10.4 (including)
Wireshark	Wireshark	1.10.5 (including)	1.10.5 (including)
Wireshark	Wireshark	1.10.6 (including)	1.10.6 (including)
Wireshark	Wireshark	1.10.7 (including)	1.10.7 (including)
Wireshark	Wireshark	1.10.8 (including)	1.10.8 (including)
Wireshark	Wireshark	1.10.9 (including)	1.10.9 (including)
Wireshark	Wireshark	1.12.0 (including)	1.12.0 (including)

References

http://linux.oracle.com/errata/ELSA-2014-1676
http://linux.oracle.com/errata/ELSA-2014-1677
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
http://rhn.redhat.com/errata/RHSA-2014-1676.html
http://rhn.redhat.com/errata/RHSA-2014-1677.html
http://secunia.com/advisories/60280
http://secunia.com/advisories/60578
http://secunia.com/advisories/61929
http://secunia.com/advisories/61933
http://www.debian.org/security/2014/dsa-3049
http://www.wireshark.org/security/wnpa-sec-2014-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=47c592938ba9f0caeacc4c2ccadb370e72f293a2

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-6432
CWE	https://cwe.mitre.org/data/definitions/399.html