You are here

CVE-2013-7112

Vincent (CVE) Danen's picture
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Details Source

Mitre

Public Date

2013-12-17 00:00:00

Impact

Low

Bugzilla

CVE-2013-7112 wireshark: SIP dissector could go into an infinite loop (wnpa-sec-2013-66)

Bugzilla ID

1 044 508

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

External References

http://www.wireshark.org/security/wnpa-sec-2013-66.html

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (wireshark) RHSA-2014:0342 2014-03-31
Red Hat Enterprise Linux 5 (wireshark) RHSA-2014:0341 2014-03-31

CWE

CWE-835

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 wireshark Not affected