CVE-2013-7113

Published: Dec 19, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Affected (4)

Products: Wireshark: Wireshark

Wireshark

1 product

Wireshark

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	Version 1.10.0
Wireshark Wireshark	Version 1.10.1
Wireshark Wireshark	Version 1.10.2
Wireshark Wireshark	Version 1.10.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://anonsvn.wireshark.org/viewvc/trunk-1.10/epan/dissectors/packet-bssgp.c?r1=53803&r2=53802&pathrev=53803

Source: cve@mitre.org

ExploitPatch

http://anonsvn.wireshark.org/viewvc?view=revision&revision=53803

Source: cve@mitre.org

Patch

http://lists.opensuse.org/opensuse-updates/2014-01/msg00007.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2014-01/msg00011.html

Source: cve@mitre.org

http://secunia.com/advisories/56052

Source: cve@mitre.org

http://secunia.com/advisories/56313

Source: cve@mitre.org

http://www.debian.org/security/2013/dsa-2825

Source: cve@mitre.org

http://www.wireshark.org/security/wnpa-sec-2013-67.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488

Source: cve@mitre.org

ExploitPatch

http://anonsvn.wireshark.org/viewvc/trunk-1.10/epan/dissectors/packet-bssgp.c?r1=53803&r2=53802&pathrev=53803