2.9

CVE-2013-1574

The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

Data is provided by the National Vulnerability Database (NVD)
WiresharkWireshark Version1.6.0
WiresharkWireshark Version1.6.1
WiresharkWireshark Version1.6.2
WiresharkWireshark Version1.6.3
WiresharkWireshark Version1.6.4
WiresharkWireshark Version1.6.5
WiresharkWireshark Version1.6.6
WiresharkWireshark Version1.6.7
WiresharkWireshark Version1.6.8
WiresharkWireshark Version1.6.9
WiresharkWireshark Version1.6.10
WiresharkWireshark Version1.6.11
WiresharkWireshark Version1.6.12
WiresharkWireshark Version1.8.0
WiresharkWireshark Version1.8.1
WiresharkWireshark Version1.8.2
WiresharkWireshark Version1.8.3
WiresharkWireshark Version1.8.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.23% 0.426
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 2.9 5.5 2.9
AV:A/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.