CVE-2013-5717

Published: Sep 16, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c.

Affected (2)

Products: Wireshark: Wireshark

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.10.0
Wireshark Wireshark	Version 1.10.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130

Source: cve@mitre.org

Patch

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827

Source: cve@mitre.org

Patch

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19030

Source: cve@mitre.org

https://www.wireshark.org/security/wnpa-sec-2013-54.html

Source: cve@mitre.org

PatchVendor Advisory

http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19030

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.wireshark.org/security/wnpa-sec-2013-54.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.