ID:3728 - Exploit for Input validation error in Wireshark - CVE-2013-4074

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:3728 - Exploit for Input validation error in Wireshark - CVE-2013-4074

ID:3728 - Exploit for Input validation error in Wireshark - CVE-2013-4074

Published: August 4, 2020


Vulnerability identifier: #VU33870
Vulnerability risk: Medium
CVE-ID: CVE-2013-4074
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Wireshark

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.


Remediation

Install update from vendor's website.