CVE-2014-4020
Wireshark 1.10.x < 1.10.8 - Denial of Service via Frame Metadissector Length Handling
Title source: llmDescription
The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
References (5)
Core 5
Core References
Exploit x_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10030
Exploit x_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9999
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-06/msg00049.html
Patch x_refsource_confirm
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=beb119f911a698d44f4baa06d888bb1e775983bc
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/security/wnpa-sec-2014-07.html
Scores
EPSS
0.0017
EPSS Percentile
37.9%
Details
CWE
CWE-189
Status
published
Products (8)
wireshark/wireshark
1.10.0
wireshark/wireshark
1.10.1
wireshark/wireshark
1.10.2
wireshark/wireshark
1.10.3
wireshark/wireshark
1.10.4
wireshark/wireshark
1.10.5
wireshark/wireshark
1.10.6
wireshark/wireshark
1.10.7
Published
Jun 18, 2014
Tracked Since
Feb 18, 2026