#VU33686 Input validation error in SUSE products - CVE-2013-3556

Cybersecurity Help s.r.o.

Published: 2013-05-25 | Updated: 2020-08-04

Vulnerability identifier: #VU33686

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-3556

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Wireshark
Server applications / IDS/IPS systems, Firewalls and proxy servers
Debian Linux
Operating systems & Components / Operating system
Opensuse
Operating systems & Components / Operating system

Vendor: Wireshark.org
Debian
SUSE

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Wireshark: 1.6.0 - 1.6.14, 1.8.0 - 1.8.6

Debian Linux: 1.6.0 - 7.0

Opensuse: 1.6.0 - 12.3

External links
https://anonsvn.wireshark.org/viewvc/trunk/epan/reassemble.c?r1=48943&r2=48942&pathrev=48943
https://anonsvn.wireshark.org/viewvc?view=revision&revision=48943
https://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html
https://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html
https://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
https://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
https://secunia.com/advisories/53425
https://secunia.com/advisories/54425
https://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
https://www.wireshark.org/security/wnpa-sec-2013-25.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599
https://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in Wireshark

Input validation error in wireshark (Alpine package)