NVD Vulnerability Detail

CVE-2014-5163

Summary	The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Publication Date	Aug. 1, 2014, 8:13 p.m.
Registration Date	Jan. 26, 2021, 3:14 p.m.
Last Update	Nov. 21, 2024, 11:11 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
2	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
3	http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html
4	http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html
5	http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
6	http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
7	http://secunia.com/advisories/57593
8	http://secunia.com/advisories/57593
9	http://www.debian.org/security/2014/dsa-3002
10	http://www.debian.org/security/2014/dsa-3002
11	http://www.wireshark.org/security/wnpa-sec-2014-09.html	Vendor Advisory
12	http://www.wireshark.org/security/wnpa-sec-2014-09.html	Vendor Advisory
13	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10216	Exploit
14	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10216	Exploit
15	https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=3fc441e7a5008640c68ec985e669d5092414a519
16	https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=3fc441e7a5008640c68ec985e669d5092414a519
17	https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=dd7134d907350ccc574cdec596f4162860912bb9
18	https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=dd7134d907350ccc574cdec596f4162860912bb9

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

Wireshark の GTP および GSM Management 解析機能におけるサービス運用妨害 (DoS) の脆弱性

Title	Wireshark の GTP および GSM Management 解析機能におけるサービス運用妨害 (DoS) の脆弱性
Summary	Wireshark の GTP および GSM Management 解析機能の (1) epan/dissectors/packet-gtp.c および (2) epan/dissectors/packet-gsm_a_gm.c 内の APN デコード機能は、特定のバッファを完全に初期化しないため、サービス運用妨害 (アプリケーションクラシュ) 状態にされる脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工されたパケットを介して、サービス運用妨害 (アプリケーションクラシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 31, 2014, midnight
Registration Date	Aug. 4, 2014, 2:11 p.m.
Last Update	Oct. 6, 2014, 6:22 p.m.

Affected System

Wireshark

Wireshark 1.10.9 未満の 1.10.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-5163	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163
National Vulnerability Database (NVD)
2	CVE-2014-5163	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5163

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
SECURITY BLOG
1	Multiple Buffer Errors vulnerabilities in Wireshark	https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in3
Wireshark
2	Initialize whole buffer in GPRS Mobility and Session Management dissector	https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dd7134d907350ccc574cdec596f4162860912bb9
3	Initialize whole buffer in GTP dissector	https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3fc441e7a5008640c68ec985e669d5092414a519
4	wnpa-sec-2014-09	http://www.wireshark.org/security/wnpa-sec-2014-09.html
Wireshark Bug Database
5	Bug 10216	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10216

Change Log

No	Changed Details	Date of change
0	[2014年08月04日] 掲載 [2014年10月06日] ベンダ情報：オラクル (Multiple Buffer Errors vulnerabilities in Wireshark) を追加	Feb. 17, 2018, 10:37 a.m.