Vulnerability Details : CVE-2013-7112
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-7112
Probability of exploitation activity in the next 30 days: 1.03%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 %
CVSS scores for CVE-2013-7112
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2013-7112
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7112
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00014.html
  openSUSE-SU-2014:0020-1: moderate: update for wireshark
- http://www.wireshark.org/security/wnpa-sec-2013-66.html
  Wireshark · wnpa-sec-2013-66 · SIP dissector infinite loop (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2014-0342.html
  RHSA-2014:0342 - Security Advisory - Red Hat Customer Portal
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sip.c?r1=51738&r2=51737&pathrev=51738
  code.wireshark Code Review - wireshark.git/tree (Patch)
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00011.html
  openSUSE-SU-2014:0017-1: moderate: update for wireshark
- http://rhn.redhat.com/errata/RHSA-2014-0341.html
  RHSA-2014:0341 - Security Advisory - Red Hat Customer Portal
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:296
  mandriva.com
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00007.html
  openSUSE-SU-2014:0013-1: moderate: update for wireshark
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388
  9388 – PC freezes when loading a capture file (Exploit)
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=51738
  code.wireshark Code Review - wireshark.git/tree (Patch)
Products affected by CVE-2013-7112
- cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.11:*:*:*:*:*:*:*