CVE-2014-2299
CVE-2014-2299
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/126337/Wireshark-1.8.12-1.10.5-wiretap-mpeg.c-Stack-Buffer-Overflow.htmlunverifiedcve_referencewww.exploit-db.com/exploits/33069unverifiedexploitdbwww.exploit-db.com/exploits/33069unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.htmlhttp://lists.opensuse.org/opensuse-updates/2014-03/msg00047.htmlhttp://osvdb.org/show/osvdb/104199http://packetstormsecurity.com/files/126337/Wireshark-1.8.12-1.10.5-wiretap-mpeg.c-Stack-Buffer-Overflow.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0341.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0342.htmlhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f567435ac7140c96a5de56dbce3d5e7659af4d09http://secunia.com/advisories/57480http://secunia.com/advisories/57489http://www.debian.org/security/2014/dsa-2871http://www.exploit-db.com/exploits/33069