CVE-2014-2283

Published: Mar 11, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.

Affected (19)

Products: Wireshark: Wireshark

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.8.0
Wireshark Wireshark	Version 1.8.10
Wireshark Wireshark	Version 1.8.11
Wireshark Wireshark	Version 1.8.12
Wireshark Wireshark	Version 1.8.1
Wireshark Wireshark	Version 1.8.2
Wireshark Wireshark	Version 1.8.3
Wireshark Wireshark	Version 1.8.4
Wireshark Wireshark	Version 1.8.5
Wireshark Wireshark	Version 1.8.6
Wireshark Wireshark	Version 1.8.7
Wireshark Wireshark	Version 1.8.8
Wireshark Wireshark	Version 1.8.9

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.10.0
Wireshark Wireshark	Version 1.10.1
Wireshark Wireshark	Version 1.10.2
Wireshark Wireshark	Version 1.10.3
Wireshark Wireshark	Version 1.10.4
Wireshark Wireshark	Version 1.10.5

References (24)

http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-0342.html

Source: cve@mitre.org

http://secunia.com/advisories/57480

Source: cve@mitre.org

http://secunia.com/advisories/57489

Source: cve@mitre.org

http://www.debian.org/security/2014/dsa-2871

Source: cve@mitre.org

http://www.securitytracker.com/id/1029907

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2014-03.html

Source: cve@mitre.org

Vendor Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10

Source: cve@mitre.org

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730

Source: cve@mitre.org

Exploit

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802

Source: cve@mitre.org

Exploit

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=217293ba4a0353bf5d657e74fe8623dd3c86fe08

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-0342.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57480

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57489

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-2871

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1029907

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2014-03.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=217293ba4a0353bf5d657e74fe8623dd3c86fe08

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.