CVE-2013-2488 Information
Description
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.
Reference
http://anonsvn.wireshark.org/viewvc?view=revision&revision=48011 http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html http://secunia.com/advisories/52471 http://www.debian.org/security/2013/dsa-2644 http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html http://www.wireshark.org/security/wnpa-sec-2013-22.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A16672
Share on: