CVE-2013-2488


General

Score: 5.0/10.0
Severity: Medium
Category: Input Validation Error

Impact Metrics

Confidentiality: None
Integrity: None
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2012-6054, CVE-2012-6056, CVE-2013-2475, CVE-2013-2476, CVE-2013-2477, CVE-2013-2478, CVE-2013-2479, CVE-2013-2480, CVE-2013-2481, CVE-2013-2482, CVE-2013-2483, CVE-2013-2484, CVE-2013-2485, CVE-2013-2486, CVE-2013-2487

Published on 07/03/13 - Updated on 30/10/18

Description

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability Database CVE-2013-2488
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2013-AVI-173
Debian DSA-2644-1
Renater 2013/VULN101
SUSE SUSE-SU-2013:0714

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor     Product
debian     debian_linux
opensuse   opensuse
wireshark  wireshark
