CVE-2014-5162

Published: 1 August 2014

The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet.

Priority

Status

Package	Release	Status
wireshark Launchpad, Ubuntu, Debian	artful	Not vulnerable (1.12.1+g01b65bf-2)
	bionic	Not vulnerable (1.12.1+g01b65bf-2)
	lucid	Ignored (end of life)
	precise	Not vulnerable (1.6.7-1)
	trusty	Not vulnerable (1.12.1+g01b65bf-4+deb8u11ubuntu0.14.04.1)
	upstream	Released (1.10.9)
	utopic	Not vulnerable (1.12.0+git+4fab41a1-1)
	vivid	Not vulnerable (1.12.1+g01b65bf-2)
	wily	Not vulnerable (1.12.1+g01b65bf-2)
	xenial	Not vulnerable (1.12.1+g01b65bf-2)
	yakkety	Not vulnerable (1.12.1+g01b65bf-2)
	zesty	Not vulnerable (1.12.1+g01b65bf-2)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2014-5162

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading