CVE-2013-4929 | Vulnerability Database | Aqua Security

The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	1.8.0 (including)	1.8.0 (including)
Wireshark	Wireshark	1.8.1 (including)	1.8.1 (including)
Wireshark	Wireshark	1.8.2 (including)	1.8.2 (including)
Wireshark	Wireshark	1.8.3 (including)	1.8.3 (including)
Wireshark	Wireshark	1.8.4 (including)	1.8.4 (including)
Wireshark	Wireshark	1.8.5 (including)	1.8.5 (including)
Wireshark	Wireshark	1.8.6 (including)	1.8.6 (including)
Wireshark	Wireshark	1.8.7 (including)	1.8.7 (including)
Wireshark	Wireshark	1.8.8 (including)	1.8.8 (including)
Wireshark	Ubuntu	lucid	*
Wireshark	Ubuntu	precise	*
Wireshark	Ubuntu	quantal	*
Wireshark	Ubuntu	raring	*
Wireshark	Ubuntu	upstream	*

References

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dis-pdus.c?r1=50450\u0026r2=50449\u0026pathrev=50450
http://anonsvn.wireshark.org/viewvc?view=revision\u0026revision=50450
http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html
http://secunia.com/advisories/54296
http://secunia.com/advisories/54371
http://secunia.com/advisories/54425
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8911
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17028
https://www.wireshark.org/security/wnpa-sec-2013-47.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4929
CWE	https://cwe.mitre.org/data/definitions/189.html