Vulnerability Name:

CVE-2013-4075 (CCN-84821)

Assigned:2013-06-07
Published:2013-06-07
Updated:2018-10-30
Summary:epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: CONFIRM
Type: UNKNOWN
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gmr1_bcch.c?r1=44674&r2=44673&pathrev=44674

Source: CONFIRM
Type: UNKNOWN
http://anonsvn.wireshark.org/viewvc?view=revision&revision=44674

Source: MITRE
Type: CNA
CVE-2013-4075

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:1084

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:1086

Source: CCN
Type: RHSA-2017-0631
Moderate: wireshark security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2017:0631

Source: CCN
Type: SA53762
Wireshark Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
53762

Source: SECUNIA
Type: UNKNOWN
54425

Source: DEBIAN
Type: UNKNOWN
DSA-2709

Source: DEBIAN
Type: DSA-2709
wireshark -- several vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-201308-05

Source: CCN
Type: IBM Security Bulletin 2012757 (Security QRadar Packet Capture)
Multiple packages as used in IBM Security QRadar Packet Capture are vulnerable to various security issues.

Source: CCN
Type: BID-60501
Wireshark CVE-2013-4075 Denial of Service Vulnerability

Source: CCN
Type: Wireshark Web Site
Wireshark 1.6.16 Release Notes

Source: CONFIRM
Type: Vendor Advisory
http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html

Source: CCN
Type: wnpa-sec-2013-33
GMR-1 BCCH dissector crash

Source: CONFIRM
Type: UNKNOWN
http://www.wireshark.org/security/wnpa-sec-2013-33.html

Source: CONFIRM
Type: Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664

Source: CONFIRM
Type: Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726

Source: XF
Type: UNKNOWN
wireshark-cve20134075-dos(84821)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:16859

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4075

Vulnerable Configuration:Configuration 1:
  • cpe:/a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*
  • OR cpe:/a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_qradar_packet_capture:7.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20134075
    V
    		CVE-2013-4075
    2022-05-20
    oval:org.opensuse.security:def:32242
    P
    		Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-12-14
    oval:org.opensuse.security:def:26156
    P
    		Security update for open-lldp (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:26141
    P
    		Security update for webkit2gtk3 (Important)
    2021-10-06
    oval:org.opensuse.security:def:26130
    P
    		Security update for ghostscript (Critical)
    2021-09-21
    oval:org.opensuse.security:def:26129
    P
    		Security update for gtk-vnc (Moderate)
    2021-09-16
    oval:org.opensuse.security:def:32155
    P
    		Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)
    2021-07-27
    oval:org.opensuse.security:def:36580
    P
    		wireshark-1.10.13-0.2.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42729
    P
    		wireshark-1.10.13-0.2.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36322
    P
    		wireshark-1.10.13-0.2.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26213
    P
    		Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:26205
    P
    		Security update for openssl-1_0_0 (Moderate)
    2021-03-08
    oval:org.opensuse.security:def:26075
    P
    		Security update for ImageMagick (Important)
    2021-01-22
    oval:org.opensuse.security:def:32098
    P
    		Security update for dovecot22 (Important)
    2021-01-04
    oval:org.opensuse.security:def:32006
    P
    		Security update for mutt (Important)
    2020-12-07
    oval:org.opensuse.security:def:26333
    P
    		Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27320
    P
    		wireshark on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25883
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32564
    P
    		libpython2_6-1_0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26808
    P
    		postgresql on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26448
    P
    		Security update for phpMyAdmin (Important)
    2020-12-01
    oval:org.opensuse.security:def:27285
    P
    		rsync on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25872
    P
    		Security update for ImageMagick (Important)
    2020-12-01
    oval:org.opensuse.security:def:32542
    P
    		kvm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26759
    P
    		libpng12-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26297
    P
    		Security update for libvpx (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27578
    P
    		wireshark on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26647
    P
    		w3m on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25871
    P
    		Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32503
    P
    		e2fsprogs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26706
    P
    		ghostscript-fonts-other on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31874
    P
    		Security update for cyrus-imapd (Important)
    2020-12-01
    oval:org.opensuse.security:def:27543
    P
    		python-crypto on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26603
    P
    		libsnmp15-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32454
    P
    		Security update for xorg-x11-libICE (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26555
    P
    		glib2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33285
    P
    		wireshark on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31800
    P
    		Security update for SuSEfirewall2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26905
    P
    		glibc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26589
    P
    		libltdl7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32398
    P
    		Security update for unzip (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26471
    P
    		Security update for Mozilla Thunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33246
    P
    		pyxml on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31789
    P
    		Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26861
    P
    		ant on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26550
    P
    		fuse on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26414
    P
    		Security update for python-Django (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25947
    P
    		Security update for freerdp (Important)
    2020-12-01
    oval:org.opensuse.security:def:32608
    P
    		systemtap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31788
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26847
    P
    		yast2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26501
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:com.redhat.rhsa:def:20170631
    P
    		RHSA-2017:0631: wireshark security and bug fix update (Moderate)
    2017-03-21
    oval:org.mitre.oval:def:25205
    P
    		SUSE-SU-2013:1276-1 -- Security update for wireshark
    2014-09-08
    oval:org.mitre.oval:def:25218
    P
    		SUSE-SU-2013:1265-1 -- Security update for wireshark
    2014-09-08
    oval:org.mitre.oval:def:18499
    P
    		DSA-2709-1 wireshark - several
    2014-06-23
    oval:org.mitre.oval:def:16859
    V
    		epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet
    2013-07-22
    oval:com.ubuntu.precise:def:20134075000
    V
    		CVE-2013-4075 on Ubuntu 12.04 LTS (precise) - low.
    2013-06-09
    oval:com.ubuntu.trusty:def:20134075000
    V
    		CVE-2013-4075 on Ubuntu 14.04 LTS (trusty) - low.
    2013-06-09
    BACK
    wireshark wireshark 1.8.0
    wireshark wireshark 1.8.1
    wireshark wireshark 1.8.2
    wireshark wireshark 1.8.3
    wireshark wireshark 1.8.4
    wireshark wireshark 1.8.5
    wireshark wireshark 1.8.6
    wireshark wireshark 1.8.7
    debian debian linux 7.0
    opensuse opensuse 11.4
    opensuse opensuse 12.2
    opensuse opensuse 12.3
    wireshark wireshark 1.8.0
    wireshark wireshark 1.8.1
    wireshark wireshark 1.8.2
    wireshark wireshark 1.8.3
    wireshark wireshark 1.8.4
    wireshark wireshark 1.8.5
    wireshark wireshark 1.8.6
    wireshark wireshark 1.8.7
    redhat enterprise linux desktop 6
    redhat enterprise linux server 6
    redhat enterprise linux workstation 6
    ibm security qradar packet capture 7.3