You are here

CVE-2013-4081

Vincent (CVE) Danen's picture
The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.

Details Source

Mitre

Public Date

2013-06-07 00:00:00

Impact

Low

Bugzilla

CVE-2013-4081 wireshark: DoS (infinite loop) in the HTTP dissector (wnpa-sec-2013-39)

Bugzilla ID

972 686

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

External References

http://www.wireshark.org/security/wnpa-sec-2013-39.html

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (wireshark) RHSA-2013:1569 2013-11-20
Red Hat Enterprise Linux 5 (wireshark) RHSA-2014:0341 2014-03-31

CWE

CWE-835

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 wireshark Not affected