Vulnerability Name:

CVE-2014-6424 (CCN-96230)

Assigned:2014-08-13
Published:2014-08-13
Updated:2014-11-05
Summary:The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2014-6424

Source: CONFIRM
Type: UNKNOWN
http://linux.oracle.com/errata/ELSA-2014-1676

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:1221

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:1249

Source: CCN
Type: RHSA-2014-1676
Moderate: wireshark security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:1676

Source: SECUNIA
Type: UNKNOWN
60280

Source: SECUNIA
Type: UNKNOWN
60578

Source: SECUNIA
Type: UNKNOWN
61929

Source: DEBIAN
Type: UNKNOWN
DSA-3049

Source: CCN
Type: BID-69862
Wireshark Netflow Dissector CVE-2014-6424 Denial of Service Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.wireshark.org/security/wnpa-sec-2014-14.html

Source: CONFIRM
Type: UNKNOWN
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10370

Source: CONFIRM
Type: Patch
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=44698259b1f5865c60323acaf2a633654a2abe81

Source: XF
Type: UNKNOWN
wireshark-cve20146424-dos(96230)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-6424

Source: CCN
Type: Wireshark advisory wnpa-sec-2014-14
Netflow dissector crash

Vulnerable Configuration:Configuration 1:
  • cpe:/a:wireshark:wireshark:1.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.4:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.5:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.6:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.7:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.8:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.9:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:wireshark:wireshark:1.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.4:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.5:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.6:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.7:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.8:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.10.9:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:718
    P
    Security update for java-1_8_0-ibm (Important)
    2022-08-31
    oval:org.opensuse.security:def:20146424
    V
    CVE-2014-6424
    2022-06-30
    oval:org.opensuse.security:def:214
    P
    libtss2-esys0-2.4.5-1.11 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:1410
    P
    Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3) (Important)
    2022-02-01
    oval:org.opensuse.security:def:113584
    P
    wireshark-2.2.2-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:1054
    P
    Security update for libaom (Moderate)
    2021-12-23
    oval:org.opensuse.security:def:32242
    P
    Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-12-14
    oval:org.opensuse.security:def:26156
    P
    Security update for open-lldp (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:26141
    P
    Security update for webkit2gtk3 (Important)
    2021-10-06
    oval:org.opensuse.security:def:106970
    P
    wireshark-2.2.2-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:26130
    P
    Security update for ghostscript (Critical)
    2021-09-21
    oval:org.opensuse.security:def:26129
    P
    Security update for gtk-vnc (Moderate)
    2021-09-16
    oval:org.opensuse.security:def:47436
    P
    libxslt-tools-1.1.28-16.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47892
    P
    squidGuard-1.4-30.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47568
    P
    bluez-5.13-5.4.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48238
    P
    mailx-12.5-28.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47196
    P
    aaa_base-13.2+git20140911.61c1681-36.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47796
    P
    libthai-data-0.1.25-4.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47254
    P
    file-5.19-9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47940
    P
    PackageKit-1.1.3-24.9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47650
    P
    java-1_7_0-openjdk-1.7.0.181-43.15.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47239
    P
    dbus-1-glib-0.100.2-3.58 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47963
    P
    bind-9.11.2-3.10.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47700
    P
    libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48300
    P
    ruby-2.1-1.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47288
    P
    hyper-v-7-13.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47861
    P
    procmail-3.22-269.3.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47375
    P
    libmms0-0.6.2-15.8 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48154
    P
    libncurses5-32bit-5.9-64.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47064
    P
    libpoppler-glib8-0.43.0-15.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47734
    P
    libldap-2_4-2-2.4.41-18.40.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47240
    P
    dhcp-4.3.3-9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47792
    P
    libsystemd0-228-150.49.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:32155
    P
    Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)
    2021-07-27
    oval:org.opensuse.security:def:42729
    P
    wireshark-1.10.13-0.2.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48601
    P
    pigz-2.3-5.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46735
    P
    libjansson4-2.7-1.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48396
    P
    curl-7.37.0-28.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61303
    P
    libwireshark9-2.4.6-1.31 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46871
    P
    xen-4.5.1_12-2.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:71044
    P
    libwireshark9-2.4.6-1.31 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48655
    P
    xorg-x11-server-7.6_1.18.3-57.34 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46736
    P
    libjasper1-1.900.1-170.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36322
    P
    wireshark-1.10.13-0.2.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48467
    P
    libXfont1-1.5.1-10.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48365
    P
    apache-commons-beanutils-1.9.2-1.27 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36580
    P
    wireshark-1.10.13-0.2.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46750
    P
    libmusicbrainz4-2.1.5-27.86 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:49441
    P
    Security update for python3 (Important)
    2021-05-17
    oval:org.opensuse.security:def:26213
    P
    Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:26205
    P
    Security update for openssl-1_0_0 (Moderate)
    2021-03-08
    oval:org.opensuse.security:def:26075
    P
    Security update for ImageMagick (Important)
    2021-01-22
    oval:org.opensuse.security:def:32098
    P
    Security update for dovecot22 (Important)
    2021-01-04
    oval:org.opensuse.security:def:32006
    P
    Security update for mutt (Important)
    2020-12-07
    oval:org.opensuse.security:def:62499
    P
    wireshark-devel-2.4.6-1.31 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72218
    P
    wireshark-devel-2.4.6-1.31 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:27285
    P
    rsync on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26471
    P
    Security update for Mozilla Thunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26847
    P
    yast2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31874
    P
    Security update for cyrus-imapd (Important)
    2020-12-01
    oval:org.opensuse.security:def:25883
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32398
    P
    Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26297
    P
    Security update for libvpx (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32608
    P
    systemtap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26603
    P
    libsnmp15-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26333
    P
    Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26759
    P
    libpng12-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33285
    P
    wireshark on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31789
    P
    Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27543
    P
    python-crypto on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32542
    P
    kvm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26550
    P
    fuse on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26555
    P
    glib2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26861
    P
    ant on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25947
    P
    Security update for freerdp (Important)
    2020-12-01
    oval:org.opensuse.security:def:32454
    P
    Security update for xorg-x11-libICE (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26448
    P
    Security update for phpMyAdmin (Important)
    2020-12-01
    oval:org.opensuse.security:def:26647
    P
    w3m on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26414
    P
    Security update for python-Django (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26808
    P
    postgresql on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31800
    P
    Security update for SuSEfirewall2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27320
    P
    wireshark on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25872
    P
    Security update for ImageMagick (Important)
    2020-12-01
    oval:org.opensuse.security:def:25871
    P
    Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32564
    P
    libpython2_6-1_0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26589
    P
    libltdl7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49495
    P
    wireshark-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26706
    P
    ghostscript-fonts-other on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33246
    P
    pyxml on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31788
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26905
    P
    glibc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32503
    P
    e2fsprogs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26501
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:27578
    P
    wireshark on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:27300
    P
    ELSA-2014-1676 -- wireshark security update (moderate)
    2014-12-15
    oval:org.mitre.oval:def:26890
    P
    RHSA-2014:1676 -- wireshark security update (Moderate)
    2014-12-08
    oval:org.mitre.oval:def:27036
    P
    SUSE-SU-2014:1221-1 -- Security update for wireshark
    2014-12-01
    oval:org.mitre.oval:def:26930
    P
    DSA-3049-1 wireshark - security update
    2014-11-24
    oval:com.redhat.rhsa:def:20141676
    P
    RHSA-2014:1676: wireshark security update (Moderate)
    2014-10-21
    oval:com.ubuntu.bionic:def:201464240000000
    V
    CVE-2014-6424 on Ubuntu 18.04 LTS (bionic) - medium.
    2014-09-20
    oval:com.ubuntu.trusty:def:20146424000
    V
    CVE-2014-6424 on Ubuntu 14.04 LTS (trusty) - medium.
    2014-09-20
    oval:com.ubuntu.artful:def:20146424000
    V
    CVE-2014-6424 on Ubuntu 17.10 (artful) - medium.
    2014-09-20
    oval:com.ubuntu.xenial:def:201464240000000
    V
    CVE-2014-6424 on Ubuntu 16.04 LTS (xenial) - medium.
    2014-09-20
    oval:com.ubuntu.xenial:def:20146424000
    V
    CVE-2014-6424 on Ubuntu 16.04 LTS (xenial) - medium.
    2014-09-20
    oval:com.ubuntu.bionic:def:20146424000
    V
    CVE-2014-6424 on Ubuntu 18.04 LTS (bionic) - medium.
    2014-09-20
    oval:com.ubuntu.precise:def:20146424000
    V
    CVE-2014-6424 on Ubuntu 12.04 LTS (precise) - medium.
    2014-09-20
    BACK
    wireshark wireshark 1.10.0
    wireshark wireshark 1.10.1
    wireshark wireshark 1.10.2
    wireshark wireshark 1.10.3
    wireshark wireshark 1.10.4
    wireshark wireshark 1.10.5
    wireshark wireshark 1.10.6
    wireshark wireshark 1.10.7
    wireshark wireshark 1.10.8
    wireshark wireshark 1.10.9
    wireshark wireshark 1.12.0
    wireshark wireshark 1.10.0
    wireshark wireshark 1.10.1
    wireshark wireshark 1.10.2
    wireshark wireshark 1.10.3
    wireshark wireshark 1.10.4
    wireshark wireshark 1.10.5
    wireshark wireshark 1.10.6
    wireshark wireshark 1.10.7
    wireshark wireshark 1.10.8
    wireshark wireshark 1.10.9
    wireshark wireshark 1.12.0
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6