Input validation error in Wireshark
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2013-3556 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Wireshark Server applications / IDS/IPS systems, Firewalls and proxy servers Debian Linux Operating systems & Components / Operating system Opensuse Operating systems & Components / Operating system |
| Vendor |
Wireshark.org Debian SUSE |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Input validation error
EUVDB-ID: #VU33686
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-3556
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsWireshark: 1.6.0 - 1.8.6
Debian Linux: 1.6.0 - 7.0
Opensuse: 1.6.0 - 12.3
CPE2.3- cpe:2.3:a:wireshark_org:wireshark:1.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark_org:wireshark:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:1.6.2:*:*:*:*:*:*:*
http://anonsvn.wireshark.org/viewvc/trunk/epan/reassemble.c?r1=48943&r2=48942&pathrev=48943
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48943
http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
http://secunia.com/advisories/53425
http://secunia.com/advisories/54425
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
http://www.wireshark.org/security/wnpa-sec-2013-25.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599
http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
