CVE-2013-2486 | Vulnerability Database | Aqua Security

The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.

Affected Software

Name	Vendor	Start Version	End Version
Debian_linux	Debian	7.0 (including)	7.0 (including)
Opensuse	Opensuse	11.4 (including)	11.4 (including)
Opensuse	Opensuse	12.1 (including)	12.1 (including)
Opensuse	Opensuse	12.2 (including)	12.2 (including)
Opensuse	Opensuse	12.3 (including)	12.3 (including)

References

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805\u0026r2=47804\u0026pathrev=47805
http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=47805
http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html
http://secunia.com/advisories/52471
http://secunia.com/advisories/53425
http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
http://www.wireshark.org/security/wnpa-sec-2013-21.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16109

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-2486
CWE	https://cwe.mitre.org/data/definitions/189.html