wireshark: CVE-2013-7112 CVE-2013-7114

The dissect_sip_common function in epan/dissectors/packet-sip.c in
the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before
1.10.4 does not check for empty lines, which allows remote attackers
to cause a denial of service (infinite loop) via a crafted packet
(CVE-2013-7112).

Multiple buffer overflows in the create_ntlmssp_v2_key function
in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in
Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote
attackers to cause a denial of service (application crash) via a long
domain name in a packet (CVE-2013-7114).

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114
http://www.wireshark.org/security/wnpa-sec-2013-66.html
http://www.wireshark.org/security/wnpa-sec-2013-68.html
(from redmine: issue id 2566, created on 2014-01-08, closed on 2014-02-04)
- Relations:
- child #2567 (closed)
- child #2568 (closed)
- child #2569 (closed)
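
Added example (not part of the original issue or of Wireshark): a small check that classifies a version string against the affected ranges stated above, comparing components numerically so that 1.8.9 sorts before 1.8.12. The function names and the sample strings are assumptions constructed for illustration.

```python
import re

# Affected ranges as stated in the advisory text above:
# branch (major, minor) -> first fixed release on that branch.
FIRST_FIXED = {(1, 8): (1, 8, 12), (1, 10): (1, 10, 4)}

# First x.y.z that is not the tail of a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first x.y.z version in text as an int tuple, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def status(text):
    """Classify a version string against the ranges above.

    Returns 'affected', 'fixed', 'not-listed' (branch not named in the
    advisory, so it says nothing either way) or 'unparsed'.
    """
    version = parse_version(text)
    if version is None:
        return "unparsed"
    fixed = FIRST_FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"
    # Tuple comparison is numeric per component; a plain string
    # comparison would wrongly rank "1.8.9" above "1.8.12".
    return "affected" if version < fixed else "fixed"


# Constructed sample inputs (not captured from real hosts).
SAMPLES = [
    "TShark 1.10.3 (constructed banner)",
    "wireshark-1.8.12-r0",
    "1.8.9",
    "1.6.16",
    "no version here",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: {status(s)}")
```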