CVE-2013-2486

Severity

61%

Complexity

65%

Confidentiality

115%

The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.

CVSS 2.0 Base Score 6.1. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: low. CVSS Vector: (AV:A/AC:L/Au:N/C:N/I:N/A:C).

Overview

First reported 11 years ago

2013-03-07 15:55:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

Debian Linux 7.0

7.0

OpenSUSE 11.4

11.4

OpenSUSE 12.1

12.1

OpenSUSE 12.2

12.2

OpenSUSE 12.3

12.3

Wireshark 1.8.0

1.8.0

Wireshark 1.8.1

1.8.1

Wireshark 1.8.2

1.8.2

Wireshark 1.8.3

1.8.3

Wireshark 1.8.4

1.8.4

Wireshark 1.8.5

1.8.5

References

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805&r2=47804&pathrev=47805

http://anonsvn.wireshark.org/viewvc?view=revision&revision=47805

openSUSE-SU-2013:0494

openSUSE-SU-2013:0506

openSUSE-SU-2013:0911

openSUSE-SU-2013:0947

52471

53425

http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html

Vendor Advisory

http://www.wireshark.org/security/wnpa-sec-2013-21.html