Main Vulnerability Database Exploits ID:3687 - Exploit for Input validation error in Wireshark - CVE-2013-4074

ID:3687 - Exploit for Input validation error in Wireshark - CVE-2013-4074

Published: August 4, 2020

Vulnerability identifier: #VU33870

Vulnerability risk: Medium

CVE-ID: CVE-2013-4074

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
Wireshark

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/dos/wireshark/capwap

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Remediation

Install update from vendor's website.

ID:3687 - Exploit for Input validation error in Wireshark - CVE-2013-4074

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human