Vulnerability Details : CVE-2013-4082
The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2013-4082
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4082
EPSS score: 0.22% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~60% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-4082
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2013-4082
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2013-4082
- http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml : Wireshark: Multiple vulnerabilities (GLSA 201308-05) — Gentoo security
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html : openSUSE-SU-2013:1084-1: moderate: update for wireshark [Vendor Advisory]
- http://www.wireshark.org/security/wnpa-sec-2013-40.html : Wireshark · wnpa-sec-2013-40 · Ixia IxVeriWave file parser crash [Vendor Advisory]
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=49739 : code.wireshark Code Review - wireshark.git/tree [Patch]
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760 : 8760 – testcase crashes wireshark and tshark on all platforms (windows, linux) [Patch]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16886 : Repository / Oval Repository
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html : Wireshark · Wireshark 1.8.8 Release Notes [Vendor Advisory]
- http://www.debian.org/security/2013/dsa-2709 : Debian -- Security Information -- DSA-2709-1 wireshark [Vendor Advisory]
- http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=49739&r2=49738&pathrev=49739 : code.wireshark Code Review - wireshark.git/tree [Patch]
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html : openSUSE-SU-2013:1086-1: moderate: wireshark [Vendor Advisory]