7.8

CVE-2013-4929

The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version1.8.0
WiresharkWireshark Version1.8.1
WiresharkWireshark Version1.8.2
WiresharkWireshark Version1.8.3
WiresharkWireshark Version1.8.4
WiresharkWireshark Version1.8.5
WiresharkWireshark Version1.8.6
WiresharkWireshark Version1.8.7
WiresharkWireshark Version1.8.8
WiresharkWireshark Version1.10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.6% 0.88
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/54425
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
http://secunia.com/advisories/54296
http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html
http://secunia.com/advisories/54371
http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dis-pdus.c?r1=50450&r2=50449&pathrev=50450
Patch
http://anonsvn.wireshark.org/viewvc?view=revision&revision=50450
Patch
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8911
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17028
https://www.wireshark.org/security/wnpa-sec-2013-47.html
Vendor Advisory