Release date:
Updated on:
Affected Systems:
Wireshark 1.8.x
Wireshark 1.6.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-1588
Wireshark is the most popular network protocol parser.
Wireshark 1.6.x, 1.8.x epan/dissectors/packet-dcp-etsi.c the dissect_pft_fec_detailed function in the DCP-ETSI parser has multiple buffer overflow vulnerabilities that allow remote attackers to cause application crashes and DOS through malformed packets.
<* Source: Laurent Butti
Link: http://web.nvd.nist.gov/view/vuln/detail? VulnId = CVE-2013-1588
Http://www.wireshark.org/security/wnpa-sec-2013-07.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Wireshark
---------
Wireshark has released a Security Bulletin (wnpa-sec-2013-07) and corresponding patches for this:
Wnpa-sec-2013-07: DCP-ETSI dissector crash
Link: http://www.wireshark.org/security/wnpa-sec-2013-07.html