CVE Vulnerabilities

CVE-2013-4074

Published: Jun 09, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
LOW
root.io minimus.io echohq.com

The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Affected Software

Name Vendor Start Version End Version
Wireshark Wireshark 1.6.0 (including) 1.6.0 (including)
Wireshark Wireshark 1.6.1 (including) 1.6.1 (including)
Wireshark Wireshark 1.6.2 (including) 1.6.2 (including)
Wireshark Wireshark 1.6.3 (including) 1.6.3 (including)
Wireshark Wireshark 1.6.4 (including) 1.6.4 (including)
Wireshark Wireshark 1.6.5 (including) 1.6.5 (including)
Wireshark Wireshark 1.6.6 (including) 1.6.6 (including)
Wireshark Wireshark 1.6.7 (including) 1.6.7 (including)
Wireshark Wireshark 1.6.8 (including) 1.6.8 (including)
Wireshark Wireshark 1.6.9 (including) 1.6.9 (including)
Wireshark Wireshark 1.6.10 (including) 1.6.10 (including)
Wireshark Wireshark 1.6.11 (including) 1.6.11 (including)
Wireshark Wireshark 1.6.12 (including) 1.6.12 (including)
Wireshark Wireshark 1.6.13 (including) 1.6.13 (including)
Wireshark Wireshark 1.6.14 (including) 1.6.14 (including)
Wireshark Wireshark 1.6.15 (including) 1.6.15 (including)
Wireshark Ubuntu lucid *
Wireshark Ubuntu precise *
Wireshark Ubuntu quantal *
Wireshark Ubuntu raring *
Wireshark Ubuntu saucy *
Wireshark Ubuntu upstream *

References