Vulnerability Details : CVE-2013-4077

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.
Publish Date : 2013-06-09 Last Update Date : 2018-10-30

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	5.0
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceOverflow
CWE ID	119

- Related OVAL Definitions

Title	Definition Id	Family
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of ser...	oval:org.mitre.oval:def:16829	windows
DSA-2709-1 wireshark - several	oval:org.mitre.oval:def:18499	unix
SUSE-SU-2013:1276-1 -- Security update for wireshark	oval:org.mitre.oval:def:25205	unix
SUSE-SU-2013:1265-1 -- Security update for wireshark	oval:org.mitre.oval:def:25218	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2013-4077

#	Product Type	Vendor	Product	Version
1	OS	Debian	Debian Linux	7.0	Version Details Vulnerabilities
2	OS	Opensuse	Opensuse	11.4	Version Details Vulnerabilities
3	OS	Opensuse	Opensuse	12.2	Version Details Vulnerabilities
4	OS	Opensuse	Opensuse	12.3	Version Details Vulnerabilities
5	Application	Wireshark	Wireshark	1.8.0	Version Details Vulnerabilities
6	Application	Wireshark	Wireshark	1.8.1	Version Details Vulnerabilities
7	Application	Wireshark	Wireshark	1.8.2	Version Details Vulnerabilities
8	Application	Wireshark	Wireshark	1.8.3	Version Details Vulnerabilities
9	Application	Wireshark	Wireshark	1.8.4	Version Details Vulnerabilities
10	Application	Wireshark	Wireshark	1.8.5	Version Details Vulnerabilities
11	Application	Wireshark	Wireshark	1.8.6	Version Details Vulnerabilities
12	Application	Wireshark	Wireshark	1.8.7	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Debian	Debian Linux	1
Opensuse	Opensuse	3
Wireshark	Wireshark	8

- References For CVE-2013-4077

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8697 CONFIRM

http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html CONFIRM

http://www.wireshark.org/security/wnpa-sec-2013-35.html CONFIRM

http://www.debian.org/security/2013/dsa-2709
DEBIAN DSA-2709

http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
GENTOO GLSA-201308-05

http://anonsvn.wireshark.org/viewvc?view=revision&revision=49418 CONFIRM

http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
SUSE openSUSE-SU-2013:1086

http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
SUSE openSUSE-SU-2013:1084

- Metasploit Modules Related To CVE-2013-4077

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)