Lucene search

K

[email protected]NVD:CVE-2013-5718

HistorySep 16, 2013 - 1:01 p.m.

CVE-2013-5718

2013-09-1613:01:46

CWE-264

[email protected]

web.nvd.nist.gov

1

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

High

EPSS

0.004

Percentile

72.3%

The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Affected configurations

Nvd

Node

wiresharkwiresharkMatch1.8.0

OR

wiresharkwiresharkMatch1.8.1

OR

wiresharkwiresharkMatch1.8.2

OR

wiresharkwiresharkMatch1.8.3

OR

wiresharkwiresharkMatch1.8.4

OR

wiresharkwiresharkMatch1.8.5

OR

wiresharkwiresharkMatch1.8.6

OR

wiresharkwiresharkMatch1.8.7

OR

wiresharkwiresharkMatch1.8.8

OR

wiresharkwiresharkMatch1.8.9

OR

wiresharkwiresharkMatch1.10.0

OR

wiresharkwiresharkMatch1.10.1

References

anonsvn.wireshark.org/viewvc?view=revision&revision=51195

lists.opensuse.org/opensuse-updates/2013-09/msg00050.html

lists.opensuse.org/opensuse-updates/2013-09/msg00052.html

secunia.com/advisories/54812

secunia.com/advisories/55022

www.debian.org/security/2013/dsa-2756

bugs.wireshark.org/bugzilla/show_bug.cgi?id=9005

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18784

www.wireshark.org/security/wnpa-sec-2013-55.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

High

EPSS

0.004

Percentile

72.3%

Related for NVD:CVE-2013-5718

cve1 ubuntucve1 debiancve1 cvelist1 prion1 openvas6 nessus7 osv1 debian1 mageia1 securityvulns2 gentoo1