Launchpad.net

CVE 2014-2281

The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.

Related bugs and status

CVE-2014-2281 (Candidate) is related to these bugs:

Bug #1290100: [Need fake sync] a lot vulnerabilities buffer overflow crash ddos

		In	Importance	Status
1290100	[Need fake sync] a lot vulnerabilities buffer overflow crash ddos	wireshark (Ubuntu)	High	Fix Released
1290100	[Need fake sync] a lot vulnerabilities buffer overflow crash ddos	wireshark (Ubuntu Saucy)	High	Won't Fix
1290100	[Need fake sync] a lot vulnerabilities buffer overflow crash ddos	wireshark (Ubuntu Trusty)	High	Fix Released
1290100	[Need fake sync] a lot vulnerabilities buffer overflow crash ddos	wireshark (Ubuntu Precise)	High	Won't Fix
1290100	[Need fake sync] a lot vulnerabilities buffer overflow crash ddos	wireshark (Ubuntu Quantal)	High	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-2281

Related bugs and status

Related bugs

References