Lucene search

K

[email protected]NVD:CVE-2013-4083

HistoryJun 09, 2013 - 9:55 p.m.

CVE-2013-4083

2013-06-0921:55:01

CWE-20

[email protected]

web.nvd.nist.gov

3

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

70.8%

The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Affected configurations

Nvd

Node

wiresharkwiresharkMatch1.6.0

OR

wiresharkwiresharkMatch1.6.1

OR

wiresharkwiresharkMatch1.6.2

OR

wiresharkwiresharkMatch1.6.3

OR

wiresharkwiresharkMatch1.6.4

OR

wiresharkwiresharkMatch1.6.5

OR

wiresharkwiresharkMatch1.6.6

OR

wiresharkwiresharkMatch1.6.7

OR

wiresharkwiresharkMatch1.6.8

OR

wiresharkwiresharkMatch1.6.9

OR

wiresharkwiresharkMatch1.6.10

OR

wiresharkwiresharkMatch1.6.11

OR

wiresharkwiresharkMatch1.6.12

OR

wiresharkwiresharkMatch1.6.13

OR

wiresharkwiresharkMatch1.6.14

OR

wiresharkwiresharkMatch1.6.15

Node

wiresharkwiresharkMatch1.8.0

OR

wiresharkwiresharkMatch1.8.1

OR

wiresharkwiresharkMatch1.8.2

OR

wiresharkwiresharkMatch1.8.3

OR

wiresharkwiresharkMatch1.8.4

OR

wiresharkwiresharkMatch1.8.5

OR

wiresharkwiresharkMatch1.8.6

OR

wiresharkwiresharkMatch1.8.7

Node

wiresharkwiresharkMatch1.10.0

References

anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=49802&r2=49801&pathrev=49802

anonsvn.wireshark.org/viewvc?view=revision&revision=49802

lists.opensuse.org/opensuse-updates/2013-06/msg00194.html

lists.opensuse.org/opensuse-updates/2013-06/msg00196.html

rhn.redhat.com/errata/RHSA-2014-0341.html

secunia.com/advisories/53762

secunia.com/advisories/54296

secunia.com/advisories/54425

www.debian.org/security/2013/dsa-2709

www.gentoo.org/security/en/glsa/glsa-201308-05.xml

www.mandriva.com/security/advisories?name=MDVSA-2013:172

www.wireshark.org/docs/relnotes/wireshark-1.10.1.html

www.wireshark.org/docs/relnotes/wireshark-1.6.16.html

www.wireshark.org/docs/relnotes/wireshark-1.8.8.html

www.wireshark.org/security/wnpa-sec-2013-41.html

bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16375

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

70.8%

Related for NVD:CVE-2013-4083

prion1 openvas24 cvelist1 kaspersky1 ubuntucve1 debiancve1 cve1 nessus24 mageia2 securityvulns2 debian1 centos2 veracode27 redhat2 oraclelinux2 f52 amazon1 fedora3 gentoo1