CVE-2014-8712

Published: Nov 23, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Affected (13)

Products: Wireshark: Wireshark

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.10.0
Wireshark Wireshark	Version 1.10.10
Wireshark Wireshark	Version 1.10.1
Wireshark Wireshark	Version 1.10.2
Wireshark Wireshark	Version 1.10.3
Wireshark Wireshark	Version 1.10.4
Wireshark Wireshark	Version 1.10.5
Wireshark Wireshark	Version 1.10.6
Wireshark Wireshark	Version 1.10.7
Wireshark Wireshark	Version 1.10.8
Wireshark Wireshark	Version 1.10.9
Wireshark Wireshark	Version 1.12.0
Wireshark Wireshark	Version 1.12.1

Related CWEs

References (24)

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-1460.html

Source: cve@mitre.org

http://secunia.com/advisories/60231

Source: cve@mitre.org

http://secunia.com/advisories/60290

Source: cve@mitre.org

http://www.debian.org/security/2014/dsa-3076

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/71071

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2014-22.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10628

Source: cve@mitre.org

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=41f6923b3049dfb57bef544a4c580f256f807e85

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145658.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-11/msg00104.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1460.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60231

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/60290

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-3076

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/71071

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.wireshark.org/security/wnpa-sec-2014-22.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10628

Source: af854a3a-2127-422b-91ae-364da2661108

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=41f6923b3049dfb57bef544a4c580f256f807e85

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.