Vulnerability Name:

CVE-2014-6426 (CCN-96232)

Assigned:2014-08-14
Published:2014-08-14
Updated:2014-11-05
Summary:The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
CWE-835
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2014-6426

Source: CONFIRM
Type: UNKNOWN
http://linux.oracle.com/errata/ELSA-2014-1676

Source: CCN
Type: RHSA-2014-1676
Moderate: wireshark security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:1676

Source: SECUNIA
Type: UNKNOWN
60280

Source: SECUNIA
Type: UNKNOWN
61929

Source: CCN
Type: BID-69863
Wireshark HIP Dissector CVE-2014-6426 Remote Denial of Service Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.wireshark.org/security/wnpa-sec-2014-16.html

Source: CONFIRM
Type: Patch
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d9e5021fe79973d00ddd8fcef0bbefbaae63dd0f

Source: XF
Type: UNKNOWN
wireshark-cve20146426-dos(96232)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-6426

Source: CCN
Type: Wireshark advisory wnpa-sec-2014-16
HIP infinite loop

Vulnerable Configuration:Configuration 1:
  • cpe:/a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:718
    P
    		Security update for java-1_8_0-ibm (Important)
    2022-08-31
    oval:org.opensuse.security:def:20146426
    V
    		CVE-2014-6426
    2022-06-30
    oval:org.opensuse.security:def:214
    P
    		libtss2-esys0-2.4.5-1.11 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:1410
    P
    		Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3) (Important)
    2022-02-01
    oval:org.opensuse.security:def:113584
    P
    		wireshark-2.2.2-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:1054
    P
    		Security update for libaom (Moderate)
    2021-12-23
    oval:org.opensuse.security:def:106970
    P
    		wireshark-2.2.2-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:47792
    P
    		libsystemd0-228-150.49.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47892
    P
    		squidGuard-1.4-30.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48154
    P
    		libncurses5-32bit-5.9-64.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47196
    P
    		aaa_base-13.2+git20140911.61c1681-36.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47240
    P
    		dhcp-4.3.3-9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48300
    P
    		ruby-2.1-1.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47436
    P
    		libxslt-tools-1.1.28-16.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47375
    P
    		libmms0-0.6.2-15.8 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47734
    P
    		libldap-2_4-2-2.4.41-18.40.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47700
    P
    		libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47861
    P
    		procmail-3.22-269.3.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47940
    P
    		PackageKit-1.1.3-24.9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47064
    P
    		libpoppler-glib8-0.43.0-15.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47239
    P
    		dbus-1-glib-0.100.2-3.58 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47963
    P
    		bind-9.11.2-3.10.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48238
    P
    		mailx-12.5-28.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47288
    P
    		hyper-v-7-13.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47254
    P
    		file-5.19-9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47650
    P
    		java-1_7_0-openjdk-1.7.0.181-43.15.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47568
    P
    		bluez-5.13-5.4.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47796
    P
    		libthai-data-0.1.25-4.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:46871
    P
    		xen-4.5.1_12-2.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:61303
    P
    		libwireshark9-2.4.6-1.31 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48655
    P
    		xorg-x11-server-7.6_1.18.3-57.34 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46735
    P
    		libjansson4-2.7-1.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48396
    P
    		curl-7.37.0-28.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46750
    P
    		libmusicbrainz4-2.1.5-27.86 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:71044
    P
    		libwireshark9-2.4.6-1.31 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48601
    P
    		pigz-2.3-5.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48365
    P
    		apache-commons-beanutils-1.9.2-1.27 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46736
    P
    		libjasper1-1.900.1-170.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48467
    P
    		libXfont1-1.5.1-10.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:49441
    P
    		Security update for python3 (Important)
    2021-05-17
    oval:org.opensuse.security:def:62499
    P
    		wireshark-devel-2.4.6-1.31 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72218
    P
    		wireshark-devel-2.4.6-1.31 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:49495
    P
    		wireshark-devel on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:27300
    P
    		ELSA-2014-1676 -- wireshark security update (moderate)
    2014-12-15
    oval:org.mitre.oval:def:26890
    P
    		RHSA-2014:1676 -- wireshark security update (Moderate)
    2014-12-08
    oval:com.redhat.rhsa:def:20141676
    P
    		RHSA-2014:1676: wireshark security update (Moderate)
    2014-10-21
    oval:com.ubuntu.precise:def:20146426000
    V
    		CVE-2014-6426 on Ubuntu 12.04 LTS (precise) - medium.
    2014-09-20
    oval:com.ubuntu.trusty:def:20146426000
    V
    		CVE-2014-6426 on Ubuntu 14.04 LTS (trusty) - medium.
    2014-09-20
    BACK
    wireshark wireshark 1.12.0
    wireshark wireshark 1.12.0
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6