CVE-2014-2907 — Vulnetix

Try Vulnetix Request Demo

CVE-2014-2907 PUBLISHED

The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

EPSS 0.21% · 42.5th percentile

Risk Scores

EPSS Score

0.21%

42.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	wireshark	0, 2.4.5-1, 2.4.4-1
Ubuntu:16.04:LTS	wireshark	1.12.8+g5b6e543-2, 0, 1.12.7+g7fc8978-1
Ubuntu:14.04:LTS	wireshark	1.10.3-1, 1.10.2-1, 1.12.1+g01b65bf-4+deb8u11ubuntu0.14.04.1

Timeline

Apr 24, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2014-2907 third-party-advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885 third-party-advisory
http://www.wireshark.org/security/wnpa-sec-2014-06.html third-party-advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=30ba425e7e95f7b61b3a3e5ff0c46e4be9d3d8d7 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2014-2907 third-party-advisory

Open in Interactive Console →