ID CVE-2013-3558
Summary The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
References
Vulnerable Configurations
  • Wireshark 1.8.0
    cpe:2.3:a:wireshark:wireshark:1.8.0
  • Wireshark 1.8.1
    cpe:2.3:a:wireshark:wireshark:1.8.1
  • Wireshark 1.8.2
    cpe:2.3:a:wireshark:wireshark:1.8.2
  • Wireshark 1.8.3
    cpe:2.3:a:wireshark:wireshark:1.8.3
  • Wireshark 1.8.4
    cpe:2.3:a:wireshark:wireshark:1.8.4
  • Wireshark 1.8.5
    cpe:2.3:a:wireshark:wireshark:1.8.5
  • Wireshark 1.8.6
    cpe:2.3:a:wireshark:wireshark:1.8.6
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • OpenSUSE 11.4
    cpe:2.3:o:opensuse:opensuse:11.4
  • OpenSUSE 12.2
    cpe:2.3:o:opensuse:opensuse:12.2
  • OpenSUSE 12.3
    cpe:2.3:o:opensuse:opensuse:12.3
CVSS
Base: 5.0 (as of 01-12-2015 - 12:59)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2700.NASL
    description Multiple vulnerabilities were discovered in the dissectors for GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could result in denial of service or the execution of arbitrary code. The oldstable distribution (squeeze) is not affected.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 66767
    published 2013-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66767
    title Debian DSA-2700-1 : wireshark - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-536.NASL
    description This update of wireshark includes several security and bug fixes. - update to 1.8.8 [bnc#823932] + vulnerabilities fixed : - The CAPWAP dissector could crash. wnpa-sec-2013-32 - The GMR-1 BCCH dissector could crash. wnpa-sec-2013-33 - The PPP dissector could crash. wnpa-sec-2013-34 - The NBAP dissector could crash. wnpa-sec-2013-35 - The RDP dissector could crash. wnpa-sec-2013-36 - The GSM CBCH dissector could crash. wnpa-sec-2013-37 - The Assa Abloy R3 dissector could consume excessive memory and CPU. wnpa-sec-2013-38 - The HTTP dissector could overrun the stack. wnpa-sec-2013-39 - The Ixia IxVeriWave file parser could overflow the heap. wnpa-sec-2013-40 - The DCP ETSI dissector could crash. wnpa-sec-2013-41 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.8. html wnpa-sec-2013-24 CVE-2013-3555 wnpa-sec-2013-25 CVE-2013-3556 CVE-2013-3557 wnpa-sec-2013-26 CVE-2013-3558 wnpa-sec-2013-27 CVE-2013-3559 wnpa-sec-2013-28 CVE-2013-3560 wnpa-sec-2013-29 CVE-2013-3561 CVE-2013-3562 wnpa-sec-2013-30 CVE-2013-3561 wnpa-sec-2013-31 CVE-2013-3561
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75058
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75058
    title openSUSE Security Update : wireshark (openSUSE-SU-2013:1084-1)
  • NASL family Windows
    NASL id WIRESHARK_1_8_7.NASL
    description The installed version of Wireshark 1.8 is earlier than 1.8.7. It is, therefore, affected by the following vulnerabilities : - Errors exist in the ETCH, MySQL, and RELOAD dissectors that could lead to an infinite loop, resulting in a denial of service. (Bugs 8546, 8458, 8464) - Errors exist in the ASN.1 BER, DCP ETSI, GTPv2, MPEG DSM-CC, PPP CCP, and Websocket dissectors that could allow them to crash. (Bugs 8231, 8448, 8499, 8481, 8493, 8540, 8541, 8599, 8638)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 66544
    published 2013-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66544
    title Wireshark 1.8.x < 1.8.7 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201308-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201308-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 69500
    published 2013-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69500
    title GLSA-201308-05 : Wireshark: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-17635.NASL
    description dumpcap now stores temporary capture files in /var/tmp - Convert automake/pkgconfig files into patches (better upstream integration) - Restored category in the *.desktop file - Install another one necessary header file - frame_data_sequence.h - Add basic OpenFlow dissector - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Enhance desktop integration (*.desktop and MIME-related files) - Add basic OpenFlow dissector - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Enhance desktop integration (*.desktop and MIME-related files) - Add basic OpenFlow dissector - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Various security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71543
    published 2013-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71543
    title Fedora 18 : wireshark-1.10.2-4.fc18 (2013-17635)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_WIRESHARK_20130924.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. (CVE-2013-2486) - epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. (CVE-2013-2487) - epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. (CVE-2013-3555) - The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. (CVE-2013-3556) - The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. (CVE-2013-3557) - The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. (CVE-2013-3558) - epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. (CVE-2013-3559) - The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. (CVE-2013-3560) - Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. (CVE-2013-3561) - Multiple integer signedness errors in the tvb_unmasked function in epan/ dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. (CVE-2013-3562) - The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-4083)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80807
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80807
    title Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark5)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-17627.NASL
    description dumpcap now stores temporary capture files in /var/tmp - Convert automake/pkgconfig files into patches (better upstream integration) - Restored category in the *.desktop file - Install another one necessary header file - frame_data_sequence.h - Add basic OpenFlow dissector - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Enhance desktop integration (*.desktop and MIME-related files) - Add basic OpenFlow dissector - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Enhance desktop integration (*.desktop and MIME-related files) - Add basic OpenFlow dissector - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Various security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 70280
    published 2013-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70280
    title Fedora 20 : wireshark-1.10.2-7.fc20 (2013-17627)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-17661.NASL
    description dumpcap now stores temporary capture files in /var/tmp - Convert automake/pkgconfig files into patches (better upstream integration) - Restored category in the *.desktop file - Install another one necessary header file - frame_data_sequence.h - Add basic OpenFlow dissector - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Enhance desktop integration (*.desktop and MIME-related files) - Add basic OpenFlow dissector - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Enhance desktop integration (*.desktop and MIME-related files) - Add basic OpenFlow dissector - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Ver. 1.10.1 fix missing ws_symbol_export.h - Ver. 1.10.2 - Various security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 70181
    published 2013-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70181
    title Fedora 19 : wireshark-1.10.2-6.fc19 (2013-17661)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2013-1276-1.NASL
    description This wireshark version update to 1.6.16 includes several security and general bug fixes. http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html - The CAPWAP dissector could crash. Discovered by Laurent Butti. (CVE-2013-4074) - The HTTP dissector could overrun the stack. Discovered by David Keeler. (CVE-2013-4081) - The DCP ETSI dissector could crash. (CVE-2013-4083) http://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html - The ASN.1 BER dissector could crash. ( CVE-2013-3556 CVE-2013-3557 ) The releases also fix various non-security issues. Additionally, a crash in processing SCTP filters has been fixed. (bug#816887) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-05-20
    plugin id 83596
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83596
    title SUSE SLED10 / SLES10 Security Update : wireshark (SUSE-SU-2013:1276-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_WIRESHARK-130711.NASL
    description This wireshark version update to 1.8.8 includes several security and general bug fixes. Version update to 1.8.8 [bnc#824900] : - vulnerabilities fixed : - The CAPWAP dissector could crash. wnpa-sec-2013-32. (CVE-2013-4074) - The GMR-1 BCCH dissector could crash. wnpa-sec-2013-33. (CVE-2013-4075) - The PPP dissector could crash. wnpa-sec-2013-34. (CVE-2013-4076) - The NBAP dissector could crash. wnpa-sec-2013-35. (CVE-2013-4077) - The RDP dissector could crash. wnpa-sec-2013-36. (CVE-2013-4078) - The GSM CBCH dissector could crash. wnpa-sec-2013-37. (CVE-2013-4079) - The Assa Abloy R3 dissector could consume excessive memory and CPU. wnpa-sec-2013-38. (CVE-2013-4080) - The HTTP dissector could overrun the stack. wnpa-sec-2013-39. (CVE-2013-4081) - The Ixia IxVeriWave file parser could overflow the heap. wnpa-sec-2013-40. (CVE-2013-4082) - The DCP ETSI dissector could crash. wnpa-sec-2013-41. (CVE-2013-4083) - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.8. html Version update to 1.8.7 [bnc#813217, bnc#820973] : - vulnerabilities fixed : - The RELOAD dissector could go into an infinite loop. wnpa-sec-2013-23. (CVE-2013-2486 / CVE-2013-2487) - The GTPv2 dissector could crash. wnpa-sec-2013-24 - The ASN.1 BER dissector could crash. wnpa-sec-2013-25 - The PPP CCP dissector could crash. wnpa-sec-2013-26 - The DCP ETSI dissector could crash. wnpa-sec-2013-27 - The MPEG DSM-CC dissector could crash. wnpa-sec-2013-28 - The Websocket dissector could crash. wnpa-sec-2013-29 - The MySQL dissector could go into an infinite loop. wnpa-sec-2013-30 - The ETCH dissector could go into a large loop. wnpa-sec-2013-31 - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.7. html Ohter bug fixes : - 'Save As' Nokia libpcap corrupting the file. (bnc#816517) - wireshark crashed in 'SCTP' -> 'Prepare Filter for this Association'. (bnc#816887)
    last seen 2019-02-21
    modified 2015-01-13
    plugin id 69091
    published 2013-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69091
    title SuSE 11.2 / 11.3 Security Update : wireshark (SAT Patch Numbers 8044 / 8045)
oval via4
accepted 2013-07-08T04:01:40.520-04:00
class vulnerability
contributors
name Shane Shaffer
organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
family windows
id oval:org.mitre.oval:def:16417
status accepted
submitted 2013-05-28T11:47:30.580-04:00
title The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list
version 5
refmap via4
confirm
debian DSA-2700
gentoo GLSA-201308-05
secunia
  • 53425
  • 54425
suse
  • openSUSE-SU-2013:0911
  • openSUSE-SU-2013:0947
  • openSUSE-SU-2013:1084
  • openSUSE-SU-2013:1086
Last major update 01-12-2015 - 14:46
Published 24-05-2013 - 23:18
Last modified 30-10-2018 - 12:27
Back to Top