Executive Summary

Informations
Name CVE-2013-7113 First vendor Publication 2013-12-19
Vendor Cve Last vendor Modification 2014-01-17

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20903
 
Oval ID: oval:org.mitre.oval:def:20903
Title: epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Description: epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Family: windows Class: vulnerability
Reference(s): CVE-2013-7113
 Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
 Product(s): Wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25322
 
Oval ID: oval:org.mitre.oval:def:25322
Title: SUSE-SU-2014:0115-1 -- Security update for wireshark
Description: wireshark was updated to security update version 1.8.12, fixing bugs and security issues. * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.htm l <https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.ht ml>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0115-1
CVE-2013-7112
CVE-2013-7114
CVE-2013-7113
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
 Product(s): wireshark
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25461
 
Oval ID: oval:org.mitre.oval:def:25461
Title: SUSE-SU-2014:0431-1 -- Security update for wireshark
Description: This update fixes a security problem in the BSSGP network protocol dissector that could crash wireshark. Security Issue reference: * CVE-2013-7113 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113 >
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0431-1
CVE-2013-7113
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
 Product(s): wireshark
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-3.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-9.nasl - Type : ACT_GATHER_INFO
2014-03-25 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_wireshark-140305.nasl - Type : ACT_GATHER_INFO
2014-01-22 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_wireshark-131227.nasl - Type : ACT_GATHER_INFO
2013-12-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2825.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote Windows host contains an application that is affected by multiple ...
File : wireshark_1_10_4.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://anonsvn.wireshark.org/viewvc?view=revision&revision=53803
http://anonsvn.wireshark.org/viewvc/trunk-1.10/epan/dissectors/packet-bssgp.c...
http://www.wireshark.org/security/wnpa-sec-2013-67.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488
DEBIAN http://www.debian.org/security/2013/dsa-2825
SECUNIA http://secunia.com/advisories/56052
http://secunia.com/advisories/56313
SUSE http://lists.opensuse.org/opensuse-updates/2014-01/msg00007.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00011.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2021-05-04 12:29:04
  • Multiple Updates
2021-04-22 01:35:14
  • Multiple Updates
2020-05-23 00:39:02
  • Multiple Updates
2016-04-26 23:58:00
  • Multiple Updates
2014-06-14 13:36:43
  • Multiple Updates
2014-03-26 13:21:32
  • Multiple Updates
2014-02-17 11:24:37
  • Multiple Updates
2014-01-17 13:20:19
  • Multiple Updates
2014-01-14 13:21:04
  • Multiple Updates
2014-01-04 13:19:56
  • Multiple Updates
2013-12-20 21:20:42
  • Multiple Updates
2013-12-20 13:20:24
  • First insertion