CVE-2013-2488
Wireshark 1.6.x < 1.6.14 and 1.8.x < 1.8.6 - Denial of Service via DTLS Dissector Fragment Offset
Title source: llmDescription
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.
References (10)
Core 10
Core References
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/security/wnpa-sec-2013-22.html
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html
Vendor Advisory x_refsource_confirm
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48011
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16672
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52471
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html
Issue Tracking x_refsource_confirm
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2644
Scores
EPSS
0.0362
EPSS Percentile
87.9%
Details
CWE
CWE-20
Status
published
Products (25)
debian/debian_linux
7.0
opensuse/opensuse
11.4
opensuse/opensuse
12.1
opensuse/opensuse
12.2
opensuse/opensuse
12.3
wireshark/wireshark
1.8.0
wireshark/wireshark
1.8.1
wireshark/wireshark
1.8.2
wireshark/wireshark
1.8.3
wireshark/wireshark
1.8.4
... and 15 more
Published
Mar 07, 2013
Tracked Since
Feb 18, 2026