Summary
This host is installed with Wireshark and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause denial of service via a crafted packet.
Impact Level: Application
Solution
Upgrade to the Wireshark version 1.6.16 or 1.8.8 or later, For updates refer to http://www.wireshark.org/download
Insight
- 'http_payload_subdissector' function in epan/dissectors/packet-http.c in HTTP dissector does not determine when to use a recursive approach.
- 'dissect_capwap_data' function in epan/dissectors/packet-capwap.c in CAPWAP dissector incorrectly uses a -1 data value to represent an error condition.
Affected
Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8 on Windows
References
Severity
Classification
-
CVE CVE-2013-4074, CVE-2013-4081 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities