Detections
Analytics

Alpine: tshark, multiple wireshark packages: security update to 1.10.0-r0 (deprecated)

high Tenable Cloud Security Plugin ID 401222

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x
 before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero
 remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet.
 (CVE-2013-4929)

 - The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x
 before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which
 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
 (CVE-2013-4083)

 - The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which
 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
 (CVE-2013-4920)

 - Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the
 Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service
 (application crash) via a crafted packet. (CVE-2013-4921)

 - Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-
 dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote
 attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-4922)

See Also

https://git.alpinelinux.org/aports/commit/?id=2a9ef96d439dd086681adfc83be64e5d4637e7b4

https://git.alpinelinux.org/aports/commit/?id=e49369a9fbba515630a272fdfb7538be9b8c57c2

Plugin Details

Severity: High

ID: 401222

Version: Revision 1.24

Type: Local

Published: 8/16/2023

Updated: 5/8/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2013-4929

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2013-4936

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 7/30/2013

Vulnerability Publication Date: 6/7/2013

Reference Information

CVE: CVE-2013-4083, CVE-2013-4920, CVE-2013-4921, CVE-2013-4922, CVE-2013-4923, CVE-2013-4924, CVE-2013-4925, CVE-2013-4926, CVE-2013-4927, CVE-2013-4928, CVE-2013-4929, CVE-2013-4930, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936

BID: 60504, 61471, 62868

IAVB: 2013-B-0067-S, 2013-B-0077-S