Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2013-2488
Last Modified 23 Sep 2014 01:34:34
Published 07 Mar 2013 10:55:02
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-2488

Summary

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.

Vulnerable Systems

Application

  • Wireshark 1.6.0

  • Wireshark 1.6.1

  • Wireshark 1.6.10

  • Wireshark 1.6.11

  • Wireshark 1.6.12

  • Wireshark 1.6.13

  • Wireshark 1.6.2

  • Wireshark 1.6.3

  • Wireshark 1.6.4

  • Wireshark 1.6.5

  • Wireshark 1.6.6

  • Wireshark 1.6.7

  • Wireshark 1.6.8

  • Wireshark 1.6.9

  • Wireshark 1.8.0

  • Wireshark 1.8.1

  • Wireshark 1.8.2

  • Wireshark 1.8.3

  • Wireshark 1.8.4

  • Wireshark 1.8.5


References

CONFIRM - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380

CONFIRM - http://www.wireshark.org/security/wnpa-sec-2013-22.html

CONFIRM - http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html

CONFIRM - http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html

CONFIRM - http://anonsvn.wireshark.org/viewvc?view=revision&revision=48011

DEBIAN - DSA-2644

SUSE - openSUSE-SU-2013:0506

SUSE - openSUSE-SU-2013:0494

SECUNIA - 52471


Last Updated: 27 May 2016 11:02:01