Vulnerability Details : CVE-2013-5721
The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-5721
Probability of exploitation activity in the next 30 days: 0.98%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-5721
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-5721
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5721
-
http://lists.opensuse.org/opensuse-updates/2013-09/msg00052.html
openSUSE-SU-2013:1483-1: moderate: update for wireshark
-
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9079
9079 – Buildbot crash output: fuzz-2013-08-27-29828.pcapExploit
-
http://anonsvn.wireshark.org/viewvc?view=revision&revision=51603
code.wireshark Code Review - wireshark.git/treePatch
-
https://www.wireshark.org/security/wnpa-sec-2013-58.html
Wireshark · wnpa-sec-2013-58 · MQ dissector crashVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0341.html
RHSA-2014:0341 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-updates/2013-09/msg00050.html
openSUSE-SU-2013:1481-1: moderate: update for wireshark
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18518
Repository / Oval Repository
Products affected by CVE-2013-5721
- cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:1.8.9:*:*:*:*:*:*:*