Vulnerability Details : CVE-2013-4926
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-4926
Probability of exploitation activity in the next 30 days: 0.39%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 %
CVSS scores for CVE-2013-4926
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2013-4926
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4926
- http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
  Wireshark: Multiple vulnerabilities (GLSA 201308-05) — Gentoo security
- http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html
  Wireshark · Wireshark 1.10.1 Release Notes
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8828
  8828 – DCOM-SYSACT dissector crash
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17547
  Repository / Oval Repository
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=50478
  code.wireshark Code Review - wireshark.git/tree (Patch)
- https://www.wireshark.org/security/wnpa-sec-2013-44.html
  Wireshark · wnpa-sec-2013-44 · DCOM ISystemActivator dissector crash (Vendor Advisory)
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcom-sysact.c?r1=50478&r2=50477&pathrev=50478
  code.wireshark Code Review - wireshark.git/tree (Patch)
Products affected by CVE-2013-4926
- cpe:2.3:a:wireshark:wireshark:1.10.0:*:*:*:*:*:*:*