CVE-2014-6430
Description
The SnifferDecompress function in Wireshark's DOS Sniffer parser lacks bitmask validation, allowing a crafted file to crash the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The SnifferDecompress function in wiretap/ngsniffer.c of the DOS Sniffer file parser in Wireshark does not validate bitmask data before using it. This affects Wireshark versions 1.10.x before 1.10.10 and 1.12.x before 1.12.1, as well as the versions shipped in specific packages on Red Hat Enterprise Linux 6 and 7 [1][3]. The vulnerability can be triggered by opening a malformed packet trace file [4].
Exploitation
An attacker can exploit this by crafting a malicious DOS Sniffer capture file and convincing a user to open it in Wireshark. No special privileges or authentication are required; the attacker only needs to deliver the file via email, a website, or other means. Once the file is parsed, the missing bitmask validation leads to invalid memory accesses in the SnifferDecompress function [4].
Impact
Successful exploitation causes Wireshark to crash, resulting in a denial of service. The crash is due to invalid memory accesses, which could potentially be leveraged for further exploitation, though the primary impact is application termination [3]. No data confidentiality or integrity is directly compromised, but the tool becomes unavailable for analysis.
Mitigation
Fixed versions are Wireshark 1.12.1 and 1.10.10, released September 16, 2014 [3]. Red Hat provided updated packages through RHSA-2014-1676 and RHSA-2014-1677 for affected Enterprise Linux versions [1][2]. Users should upgrade to these fixed versions. The only available workaround is to avoid opening untrusted Sniffer files.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:wireshark:wireshark:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.12.0:*:*:*:*:*:*:*
- (no CPE) range: >=1.10.0, <=1.10.9 || >=1.12.0, <=1.12.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- linux.oracle.com/errata/ELSA-2014-1676 (nvd)
- linux.oracle.com/errata/ELSA-2014-1677 (nvd)
- lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html (nvd)
- lists.opensuse.org/opensuse-updates/2014-09/msg00058.html (nvd)
- rhn.redhat.com/errata/RHSA-2014-1676.html (nvd)
- rhn.redhat.com/errata/RHSA-2014-1677.html (nvd)
- secunia.com/advisories/60280 (nvd)
- secunia.com/advisories/60578 (nvd)
- secunia.com/advisories/61929 (nvd)
- secunia.com/advisories/61933 (nvd)
- www.debian.org/security/2014/dsa-3049 (nvd)
- www.wireshark.org/security/wnpa-sec-2014-19.html (nvd)
- bugs.wireshark.org/bugzilla/show_bug.cgi (nvd)
- code.wireshark.org/review/gitweb (nvd)
News mentions
No linked articles in our index yet.