CVE-2013-2488
Description
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.
Risk Information
Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.866
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in Wireshark x64 1.6.14 | Windows |
| Multiple vulnerabilities fixed in Wireshark x64 1.8.6 | Windows |
| Multiple vulnerabilities are fixed in Wireshark for Mac 1.8.6 | Mac |
| Multiple vulnerabilities are fixed in Wireshark for Mac 1.6.14 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-338541 | Wireshark (3.6.24) |
| PATCH-338541 | Wireshark (3.6.24) |
| PATCH-612949 | WireShark for Mac (4.6.2) |
| PATCH-612949 | WireShark for Mac (4.6.2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234