CVE-2014-2281

Published: Mar 11, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.

Affected (19)

Products: Wireshark: Wireshark

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.8.0
Wireshark Wireshark	Version 1.8.10
Wireshark Wireshark	Version 1.8.11
Wireshark Wireshark	Version 1.8.12
Wireshark Wireshark	Version 1.8.1
Wireshark Wireshark	Version 1.8.2
Wireshark Wireshark	Version 1.8.3
Wireshark Wireshark	Version 1.8.4
Wireshark Wireshark	Version 1.8.5
Wireshark Wireshark	Version 1.8.6
Wireshark Wireshark	Version 1.8.7
Wireshark Wireshark	Version 1.8.8
Wireshark Wireshark	Version 1.8.9

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.10.0
Wireshark Wireshark	Version 1.10.1
Wireshark Wireshark	Version 1.10.2
Wireshark Wireshark	Version 1.10.3
Wireshark Wireshark	Version 1.10.4
Wireshark Wireshark	Version 1.10.5

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (26)

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&r2=54874&pathrev=54875

Source: cve@mitre.org

Patch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=54875

Source: cve@mitre.org

Patch

http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-0341.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-0342.html

Source: cve@mitre.org

http://secunia.com/advisories/57480

Source: cve@mitre.org

http://secunia.com/advisories/57489

Source: cve@mitre.org

http://www.debian.org/security/2014/dsa-2871

Source: cve@mitre.org

http://www.securitytracker.com/id/1029907

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2014-01.html

Source: cve@mitre.org

Vendor Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672

Source: cve@mitre.org

ExploitPatch

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&r2=54874&pathrev=54875

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=54875

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-0341.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-0342.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57480

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57489

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-2871

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1029907

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2014-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.