Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-2299Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents9 sources
Severity
9.3CRITICALNVD
EPSS
68.0%
top 1.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WiresharkDebian Wireshark
Timeline
PublishedMar 11
Latest updateMay 17

Description

Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

debiandebian/wireshark< wireshark 1.10.6-1 (bookworm)
Debianwireshark/wireshark< 1.10.6-1+3
NVDwireshark/wireshark19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-89xx-9cg2-c9fg: Buffer overflow in the mpeg_read function in wiretap/mpeg2022-05-17
OSV
CVE-2014-2299: Buffer overflow in the mpeg_read function in wiretap/mpeg2014-03-11

💥Exploits & PoCs

2
Exploit-DB
Wireshark 1.8.12/1.10.5 - wiretap/mpeg.c Stack Buffer Overflow (Metasploit)2014-04-28
Metasploit
Wireshark wiretap/mpeg.c Stack Buffer Overflow

📋Vendor Advisories

2
Red Hat
wireshark: buffer overflow in MPEG file parser (wnpa-sec-2014-04)2014-03-07
Debian
CVE-2014-2299: wireshark - Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser i...2014

📄Research Papers

1
arXiv
HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement2018-03-12

💬Community

2
Bugzilla
CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 wireshark: various flaws [fedora-all]2014-03-08
Bugzilla
CVE-2014-2299 wireshark: buffer overflow in MPEG file parser (wnpa-sec-2014-04)2014-03-08