CVE-2014-2907

Published: Apr 24, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Affected (7)

Products: Wireshark: Wireshark

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.10.0
Wireshark Wireshark	Version 1.10.1
Wireshark Wireshark	Version 1.10.2
Wireshark Wireshark	Version 1.10.3
Wireshark Wireshark	Version 1.10.4
Wireshark Wireshark	Version 1.10.5
Wireshark Wireshark	Version 1.10.6

References (8)

http://lists.opensuse.org/opensuse-updates/2014-05/msg00022.html

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2014-06.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885

Source: cve@mitre.org

Exploit

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=30ba425e7e95f7b61b3a3e5ff0c46e4be9d3d8d7

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-05/msg00022.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2014-06.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=30ba425e7e95f7b61b3a3e5ff0c46e4be9d3d8d7

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.