Detections
Analytics
Wireshark 1.12.x < 1.12.2 Multiple DoS Vulnerabilities
medium Nessus Plugin ID 79252
Language:
Synopsis
The remote Windows host contains an application that is affected by multiple denial of service vulnerabilities.Description
The remote Windows host has a version of Wireshark installed that is 1.12.x prior to 1.12.2. It is, therefore, affected by multiple denial of service vulnerabilities in following dissectors :- AMQP (CVE-2014-8711)
- NCP (CVE-2014-8712, CVE-2014-8713)
- SigComp (CVE-2014-8710)
- TN5250 (CVE-2014-8714)
A remote attacker, using a specially crafted packet, can cause the application to crash.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Wireshark version 1.12.2 or later.See Also
https://www.wireshark.org/security/wnpa-sec-2014-20.html
https://www.wireshark.org/security/wnpa-sec-2014-21.html
https://www.wireshark.org/security/wnpa-sec-2014-22.html
https://www.wireshark.org/security/wnpa-sec-2014-23.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html
Plugin Details
Severity: Medium
ID: 79252
File Name: wireshark_1_12_2.nasl
Version: 1.7
Type: local
Agent: windows
Family: Windows
Published: 11/14/2014
Updated: 3/9/2023
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2014-8714
Vulnerability Information
CPE: cpe:/a:wireshark:wireshark
Required KB Items: installed_sw/Wireshark
Exploit Ease: No known exploits are available
Patch Publication Date: 11/12/2014
Vulnerability Publication Date: 11/12/2014
Reference Information
CVE: CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714