CVE-2014-6422
wireshark - security update
EPSS 0.57%
Description
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.
How to fix CVE-2014-6422
To remediate CVE-2014-6422, upgrade the affected package to a fixed version below.
- Debian/wireshark—upgrade to 1.12.0+git+4fab41a1-1 or later
- Debian/wireshark—upgrade to 1.8.2-5wheezy15~deb6u1 or later
- Debian/wireshark—upgrade to 1.8.2-5wheezy12 or later
Is CVE-2014-6422 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.12.0+git+4fab41a1-1
- from 0, < 1.8.2-5wheezy15~deb6u1
- from 0, < 1.8.2-5wheezy12