Wireshark up to 1.10.0 GSM A Common Dissector packet-gsm_a_common.c input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.2 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Wireshark up to 1.10.0. This vulnerability affects unknown code of the file epan/dissectors/packet-gsm_a_common.c of the component GSM A Common Dissector. Performing a manipulation results in input validation. This vulnerability is identified as CVE-2013-4932. There is not any exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability was found in Wireshark up to 1.10.0 (Packet Analyzer Software). It has been classified as critical. This affects some unknown processing of the file epan/dissectors/packet-gsm_a_common.c of the component GSM A Common Dissector. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on availability. The summary by CVE is:
Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.
The weakness was released 07/26/2013 by Oliver-Tobias Ripka as wnpa-sec-2013-50 as confirmed advisory (Website). It is possible to read the advisory at wireshark.org. The public release was coordinated with the project team. This vulnerability is uniquely identified as CVE-2013-4932 since 07/26/2013. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 71268 (Amazon Linux AMI : wireshark (ALAS-2013-251)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Amazon Linux Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 350493 (Amazon Linux Security Advisory for wireshark: ALAS-2013-251).
Upgrading to version 1.10.1 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (71268), SecurityFocus (BID 61471†), OSVDB (95716†), Secunia (SA54296†) and Vulnerability Center (SBV-40827†). Entries connected to this vulnerability are available at VDB-5444, VDB-5991, VDB-5992 and VDB-5993. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Name
Version
License
Website
- Product: https://www.wireshark.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.2
VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 71268
Nessus Name: Amazon Linux AMI : wireshark (ALAS-2013-251)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 892734
OpenVAS Name: Debian Security Advisory DSA 2734-1 (wireshark - several vulnerabilities
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Wireshark 1.10.1
Timeline
07/26/2013 🔍07/26/2013 🔍
07/26/2013 🔍
07/29/2013 🔍
07/29/2013 🔍
07/29/2013 🔍
07/29/2013 🔍
07/30/2013 🔍
08/05/2013 🔍
05/20/2021 🔍
Sources
Product: wireshark.orgAdvisory: wnpa-sec-2013-50
Researcher: Oliver-Tobias Ripka
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-4932 (🔍)
GCVE (CVE): GCVE-0-2013-4932
GCVE (VulDB): GCVE-100-9771
OVAL: 🔍
IAVM: 🔍
SecurityFocus: 61471 - Wireshark Multiple Denial of Service Vulnerabilities
Secunia: 54296 - Wireshark Multiple Denial of Service Vulnerabilities, Moderately Critical
OSVDB: 95716
Vulnerability Center: 40827 - Wireshark Remote DoS via Malformed Packet due to Multiple Array Index Errors in the GSM A Common Dissector, Medium
See also: 🔍
Entry
Created: 07/30/2013 10:53Updated: 05/20/2021 17:38
Changes: 07/30/2013 10:53 (83), 05/07/2017 11:38 (4), 05/20/2021 17:38 (3)
Complete: 🔍
Committer: olku
Cache ID: 216:DF7:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.