5

CVE-2013-4078

epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version1.8.0
WiresharkWireshark Version1.8.1
WiresharkWireshark Version1.8.2
WiresharkWireshark Version1.8.3
WiresharkWireshark Version1.8.4
WiresharkWireshark Version1.8.5
WiresharkWireshark Version1.8.6
WiresharkWireshark Version1.8.7
DebianDebian Linux Version7.0
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.4% 0.873
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/54425
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
http://secunia.com/advisories/53762
http://www.debian.org/security/2013/dsa-2709
http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
http://anonsvn.wireshark.org/viewvc?view=revision&revision=45566
http://anonsvn.wireshark.org/viewvc?view=revision&revision=46158
http://www.wireshark.org/security/wnpa-sec-2013-36.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862
Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16936