CVE-2013-4083

Wireshark 1.6.x < 1.6.16, 1.8.x < 1.8.8, 1.10.0 - Denial of Service in DCP ETSI Dissector

Title source: llm

Description

The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

References (17)

Core 17

Core References

Patch x_refsource_confirm

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717

Various Sources x_refsource_confirm

http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/53762

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-0341.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/54425

Various Sources x_refsource_confirm

http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html

Various Sources x_refsource_confirm

http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2013/dsa-2709

Various Sources x_refsource_confirm

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=49802&r2=49801&pathrev=49802

Various Sources x_refsource_confirm

http://www.wireshark.org/security/wnpa-sec-2013-41.html

Various Sources x_refsource_confirm

http://anonsvn.wireshark.org/viewvc?view=revision&revision=49802

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/54296

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16375

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2013:172

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html

Scores

EPSS 0.0059

EPSS Percentile 69.4%

Details

CWE

CWE-20

Status published

Products (25)

wireshark/wireshark 1.6.0

wireshark/wireshark 1.6.1

wireshark/wireshark 1.6.2

wireshark/wireshark 1.6.3

wireshark/wireshark 1.6.4

wireshark/wireshark 1.6.5

wireshark/wireshark 1.6.6

wireshark/wireshark 1.6.7

wireshark/wireshark 1.6.8

wireshark/wireshark 1.6.9

... and 15 more

Published Jun 09, 2013

Tracked Since Feb 18, 2026