CVE-2013-2486 — Infinite Loop in Wireshark
Severity
7.8HIGHNVD
NVD6.1OSV6.1
EPSS
1.6%
top 17.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 7
Latest updateMay 14
Description
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet.
CVSS vector
AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9
Affected Packages4 packages
Also affects: Debian Linux 7.0
🔴Vulnerability Details
4GHSA▶
GHSA-fqr5-jfvj-chx6: The dissect_diagnosticrequest function in epan/dissectors/packet-reload↗2022-05-14
OSV
▶
📋Vendor Advisories
4Red Hat▶
wireshark: Infinite loop in the RELOAD dissector (wnpa-sec-2013-21, upstream bug 8364) [A different flaw than CVE-2013-2487]↗2013-03-06
Red Hat▶
wireshark: Infinite loop in the RELOAD dissector (wnpa-sec-2013-21, upstream bug 8364) [A different flaw than CVE-2013-2486]↗2013-03-06
Debian▶
CVE-2013-2486: wireshark - The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the...↗2013
Debian▶
CVE-2013-2487: wireshark - epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELO...↗2013
💬Community
4Bugzilla▶
wireshark: DoS (excessive CPU consumption) in the RELOAD dissector (wnpa-sec-2013-23, upstream #8362, #8546)↗2013-05-20
Bugzilla▶
CVE-2013-2486 wireshark: Infinite loop in the RELOAD dissector (wnpa-sec-2013-21, upstream bug 8364) [A different flaw than CVE-2013-2487]↗2013-03-07
Bugzilla▶
CVE-2013-2487 wireshark: Infinite loop in the RELOAD dissector (wnpa-sec-2013-21, upstream bug 8364) [A different flaw than CVE-2013-2486]↗2013-03-07