[v2.7] wireshark: CVE-2013-7112 CVE-2013-7114
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet (CVE-2013-7112).
Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet (CVE-2013-7114).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114
http://www.wireshark.org/security/wnpa-sec-2013-66.html
http://www.wireshark.org/security/wnpa-sec-2013-68.html
(from redmine: issue id 2569, created on 2014-01-08, closed on 2014-02-04)
- Relations:
  - parent #2566 (closed)
- Changesets:
  - Revision 9b315752 by Natanael Copa on 2014-01-14T15:07:54Z:
    main/wireshark: security upgrade to 1.10.4 (CVE-2013-7112,CVE-2013-7114)
    fixes #2569