Published: 25/05/2013 Updated: 30/10/2018

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Multiple integer overflows in Wireshark 1.8.x prior to 1.8.7 allow remote malicious users to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse opensuse 12.2
opensuse opensuse 12.3
debian debian linux 7.0
opensuse opensuse 11.4
wireshark wireshark 1.8.4
wireshark wireshark 1.8.5
wireshark wireshark 1.8.6
wireshark wireshark 1.8.2
wireshark wireshark 1.8.3
wireshark wireshark 1.8.0
wireshark wireshark 1.8.1

Synopsis Moderate: wireshark security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated wireshark packages that fix multiple security issues, several bugs,and add various enhancements are now available for Red Hat EnterpriseLinux 6The Red Hat Security Response Team ha ...

Debian Bug report logs - #709167 wireshark: Security vulnerabilities fixed in 187 (CVE-2013-3555 to CVE-2013-3562) Package: wireshark; Maintainer for wireshark is Balint Reczey <rbalint@ubuntucom>; Source for wireshark is src:wireshark (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Tue, 21 May ...

Two flaws were found in Wireshark If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark (CVE-2013-3559, CVE-2013-4083) Several denial of service flaws were found in Wireshark Wireshark could crash or stop responding if it read a malfor ...

Multiple integer overflows in Wireshark 18x before 187 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector ...

CWE-189 http://anonsvn.wireshark.org/viewvc?view=revision&revision=48919 http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-websocket.c?r1=48336&r2=48335&pathrev=48336 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448 http://anonsvn.wireshark.org/viewvc?view=revision&revision=48894 http://anonsvn.wireshark.org/viewvc?view=revision&revision=48336 http://www.wireshark.org/security/wnpa-sec-2013-30.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8464 http://www.wireshark.org/security/wnpa-sec-2013-31.html http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-etch.c?r1=48919&r2=48918&pathrev=48919 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8458 http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mysql.c?r1=48894&r2=48893&pathrev=48894 http://www.wireshark.org/security/wnpa-sec-2013-29.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html http://secunia.com/advisories/53425 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://secunia.com/advisories/54425 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16755 https://access.redhat.com/errata/RHSA-2013:1569 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-3561 https://alas.aws.amazon.com/ALAS-2013-251.html

CVE-2013-3561

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect