Wireshark DTLS Dissector CVE-2013-2488 Denial of Service Vulnerability

Bugtraq ID:	58365
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2013-2488
Remote:	Yes
Local:	No
Published:	Mar 06 2013 12:00AM
Updated:	Apr 09 2013 01:58PM
Credit:	Laurent Butti
Vulnerable:	Wireshark Wireshark 1.6.8 Wireshark Wireshark 1.6.7 Wireshark Wireshark 1.6.6 Wireshark Wireshark 1.6.5 Wireshark Wireshark 1.6.4 Wireshark Wireshark 1.6.3 Wireshark Wireshark 1.6.2 Wireshark Wireshark 1.6.1 Wireshark Wireshark 1.6 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64
Not Vulnerable:

Wireshark DTLS Dissector CVE-2013-2488 Denial of Service Vulnerability

Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets.

Attackers can exploit this issue to cause the application to crash, resulting in denial-of-service conditions.

Wireshark versions 1.8.0 through 1.8.5 and 1.6.0 through 1.6.13 are vulnerable.

Wireshark DTLS Dissector CVE-2013-2488 Denial of Service Vulnerability

A sample packet trace file is available in the Wireshark bug report. Please see the references for more information.

Wireshark DTLS Dissector CVE-2013-2488 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Wireshark DTLS Dissector CVE-2013-2488 Denial of Service Vulnerability

References:

• Wireshark Homepage (Wireshark)