CVE-2013-6339

MEDIUM

Description

The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.

References

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-openwire.c?r1=52458&r2=52457&pathrev=52458

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-openwire.c?r1=52463&r2=52462&pathrev=52463

http://anonsvn.wireshark.org/viewvc?view=revision&revision=52458

http://anonsvn.wireshark.org/viewvc?view=revision&revision=52463

http://lists.opensuse.org/opensuse-updates/2013-11/msg00026.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00027.html

http://rhn.redhat.com/errata/RHSA-2014-0342.html

http://www.wireshark.org/security/wnpa-sec-2013-64.html

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9248

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19086

Details

Source: MITRE

Published: 2013-11-04

Updated: 2017-09-19

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.8.8:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.8.9:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.8.10:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.10.0:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.10.1:*:*:*:*:*:*:*

cpe:2.3:a:wireshark:wireshark:1.10.2:*:*:*:*:*:*:*

Tenable Plugins

View all (16 total)

ID	Name	Product	Family	Severity
91395	Debian DLA-497-1 : wireshark security update	Nessus	Debian Local Security Checks	high
80810	Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark8)	Nessus	Solaris Local Security Checks	medium
78273	Amazon Linux AMI : wireshark (ALAS-2014-330)	Nessus	Amazon Linux Local Security Checks	high
75197	openSUSE Security Update : wireshark (openSUSE-SU-2013:1671-1)	Nessus	SuSE Local Security Checks	medium
73286	Scientific Linux Security Update : wireshark on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
73282	RHEL 6 : wireshark (RHSA-2014:0342)	Nessus	Red Hat Local Security Checks	high
73280	Oracle Linux 6 : wireshark (ELSA-2014-0342)	Nessus	Oracle Linux Local Security Checks	high
73277	CentOS 6 : wireshark (CESA-2014:0342)	Nessus	CentOS Local Security Checks	high
71488	GLSA-201312-13 : Wireshark: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
71138	SuSE 11.2 / 11.3 Security Update : wireshark (SAT Patch Numbers 8503 / 8504)	Nessus	SuSE Local Security Checks	medium
71074	Mandriva Linux Security Advisory : wireshark (MDVSA-2013:279)	Nessus	Mandriva Local Security Checks	medium
70863	Fedora 20 : wireshark-1.10.3-3.fc20 (2013-20937)	Nessus	Fedora Local Security Checks	medium
70834	Fedora 19 : wireshark-1.10.3-3.fc19 (2013-20985)	Nessus	Fedora Local Security Checks	medium
70790	Fedora 19 : wireshark-1.10.3-2.fc19 (2013-20829)	Nessus	Fedora Local Security Checks	medium
70763	Wireshark 1.8.x < 1.8.11 Multiple DoS Vulnerabilities	Nessus	Windows	medium
70762	Wireshark 1.10.x < 1.10.3 Multiple DoS Vulnerabilities	Nessus	Windows	medium