CVE-2014-4174
Wireshark 1.10.x < 1.10.4 - Remote Code Execution via Crafted Packet-Trace File
Title source: llmDescription
wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://anonsvn.wireshark.org/viewvc?view=revision&revision=53123
Issue Tracking x_refsource_misc
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
Exploit x_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9753
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/security/wnpa-sec-2014-05.html
Patch x_refsource_confirm
http://anonsvn.wireshark.org/viewvc/trunk-1.10/wiretap/libpcap.c?r1=53123&r2=53122&pathrev=53123
Exploit x_refsource_misc
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9390
Scores
EPSS
0.0150
EPSS Percentile
81.4%
Details
CWE
CWE-119
Status
published
Products (4)
wireshark/wireshark
1.10.0
wireshark/wireshark
1.10.1
wireshark/wireshark
1.10.2
wireshark/wireshark
1.10.3
Published
Jun 18, 2014
Tracked Since
Feb 18, 2026