Vulnerability Details : CVE-2013-6336
The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2013-6336
- cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6336
- EPSS score: 1.16% (probability of exploitation activity in the next 30 days)
- Percentile: ~85% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-6336
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2013-6336
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6336
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139
  9139 – Buildbot crash output: fuzz-2013-09-12-20795.pcap (Exploit)
- http://www.wireshark.org/security/wnpa-sec-2013-61.html
  Wireshark · wnpa-sec-2013-61 · IEEE 802.15.4 dissector crash (Vendor Advisory)
- http://www.debian.org/security/2013/dsa-2792
  Debian -- Security Information -- DSA-2792-1 wireshark
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00027.html
  openSUSE-SU-2013:1675-1: moderate: update for wireshark
- http://rhn.redhat.com/errata/RHSA-2014-0342.html
  RHSA-2014:0342 - Security Advisory - Red Hat Customer Portal
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00026.html
  openSUSE-SU-2013:1671-1: moderate: update for wireshark
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee802154.c?r1=52036&r2=52035&pathrev=52036
  code.wireshark Code Review - wireshark.git/tree (Patch)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19193
  Repository / Oval Repository
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036
  code.wireshark Code Review - wireshark.git/tree (Patch)