ID CVE-2013-5719
Summary epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
References
Vulnerable Configurations
  • Wireshark 1.8.0
    cpe:2.3:a:wireshark:wireshark:1.8.0
  • Wireshark 1.8.0 (Itanium)
    cpe:2.3:a:wireshark:wireshark:1.8.0:-:-:-:-:-:itanium
  • Wireshark 1.8.0 (SPARC)
    cpe:2.3:a:wireshark:wireshark:1.8.0:-:-:-:-:-:sparc
  • Wireshark 1.8.1
    cpe:2.3:a:wireshark:wireshark:1.8.1
  • Wireshark 1.8.2
    cpe:2.3:a:wireshark:wireshark:1.8.2
  • Wireshark 1.8.3
    cpe:2.3:a:wireshark:wireshark:1.8.3
  • Wireshark 1.8.4
    cpe:2.3:a:wireshark:wireshark:1.8.4
  • Wireshark 1.8.5
    cpe:2.3:a:wireshark:wireshark:1.8.5
  • Wireshark 1.8.6
    cpe:2.3:a:wireshark:wireshark:1.8.6
  • Wireshark 1.8.7
    cpe:2.3:a:wireshark:wireshark:1.8.7
  • Wireshark 1.8.8
    cpe:2.3:a:wireshark:wireshark:1.8.8
  • Wireshark 1.8.9
    cpe:2.3:a:wireshark:wireshark:1.8.9
  • Wireshark 1.10.0
    cpe:2.3:a:wireshark:wireshark:1.10.0
  • Wireshark 1.10.1
    cpe:2.3:a:wireshark:wireshark:1.10.1
CVSS
Base: 4.3 (as of 02-10-2013 - 14:53)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-497.NASL
    description Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service. This update also fixes many older less important issues by updating the package to the version found in Debian 8 also known as Jessie. For Debian 7 'Wheezy', these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u6~deb7u1. We recommend that you upgrade your wireshark packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 91395
    published 2016-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91395
    title Debian DLA-497-1 : wireshark security update
  • NASL family Windows
    NASL id WIRESHARK_1_8_10.NASL
    description The installed version of Wireshark 1.8 is earlier than 1.8.10. It is, therefore, affected by denial of service vulnerabilities in the following dissectors : - NBAP (Bug #9005) - ASSA R3 (Bug #9020) - RTPS (Bug #9019) - MQ (Bug #9079) - LDAP (No bug ID) - Netmon file parser (Bug #8742)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69880
    published 2013-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69880
    title Wireshark 1.8.x < 1.8.10 Multiple DoS
  • NASL family Windows
    NASL id WIRESHARK_1_10_2.NASL
    description The installed version of Wireshark 1.10 is earlier than 1.10.2. It is, therefore, affected by denial of service vulnerabilities in the following dissectors : - Bluetooth HCI ACL (Bug #8722) - NBAP (Bug #9005) - NBAP (Bug #9005) - ASSA R3 (Bug #9020) - RTPS (Bug #9019) - MQ (Bug #9079) - LDAP (No bug ID) - Netmon file parser (Bug #8742)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69881
    published 2013-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69881
    title Wireshark 1.10.x < 1.10.2 Multiple DoS
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-714.NASL
    description This wireshark update to 1.8.10 fixes several security and non security bugs. [bnc#839607] + vulnerabilities fixed : - The NBAP dissector could crash. wnpa-sec-2013-55 CVE-2013-5718 - The ASSA R3 dissector could go into an infinite loop. wnpa-sec-2013-56 CVE-2013-5719 - The RTPS dissector could overflow a buffer. wnpa-sec-2013-57 CVE-2013-5720 - The MQ dissector could crash. wnpa-sec-2013-58 CVE-2013-5721 - The LDAP dissector could crash. wnpa-sec-2013-59 CVE-2013-5722 - The Netmon file parser could crash. wnpa-sec-2013-60 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75145
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75145
    title openSUSE Security Update : wireshark (openSUSE-SU-2013:1481-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_WIRESHARK_20131210.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. (CVE-2013-5717) - The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-5718) - epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. (CVE-2013-5719) - Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-5720) - The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-5721) - Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-5722)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80809
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80809
    title Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark7)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-238.NASL
    description Multiple vulnerabilities were found and corrected in Wireshark : The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5718). epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet (CVE-2013-5719). Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5720). The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5721). Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet (CVE-2013-5722). This advisory provides the latest supported version of Wireshark (1.8.10) which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 70004
    published 2013-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70004
    title Mandriva Linux Security Advisory : wireshark (MDVSA-2013:238)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201312-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201312-13 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 71488
    published 2013-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71488
    title GLSA-201312-13 : Wireshark: Multiple vulnerabilities
oval via4
accepted 2013-10-28T04:00:23.761-04:00
class vulnerability
contributors
name Shane Shaffer
organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
family windows
id oval:org.mitre.oval:def:18707
status accepted
submitted 2013-09-16T15:26:44.463-04:00
title epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet
version 5
refmap via4
confirm
secunia 55022
suse
  • openSUSE-SU-2013:1481
  • openSUSE-SU-2013:1483
Last major update 02-11-2013 - 23:34
Published 16-09-2013 - 09:01
Last modified 30-10-2018 - 12:26