CVE-2013-2487 — Infinite Loop in Wireshark
Severity
7.8HIGHNVD
OSV6.1
EPSS
3.6%
top 12.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 7
Latest updateMay 14
Description
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_dia…
CVSS vector
AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9
Affected Packages4 packages
Also affects: Debian Linux 7.0
🔴Vulnerability Details
2📋Vendor Advisories
3Red Hat▶
wireshark: Infinite loop in the RELOAD dissector (wnpa-sec-2013-21, upstream bug 8364) [A different flaw than CVE-2013-2487]↗2013-03-06
Red Hat▶
wireshark: Infinite loop in the RELOAD dissector (wnpa-sec-2013-21, upstream bug 8364) [A different flaw than CVE-2013-2486]↗2013-03-06
Debian▶
CVE-2013-2487: wireshark - epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELO...↗2013
💬Community
4Bugzilla▶
wireshark: DoS (excessive CPU consumption) in the RELOAD dissector (wnpa-sec-2013-23, upstream #8362, #8546)↗2013-05-20
Bugzilla▶
CVE-2013-2486 wireshark: Infinite loop in the RELOAD dissector (wnpa-sec-2013-21, upstream bug 8364) [A different flaw than CVE-2013-2487]↗2013-03-07
Bugzilla▶
CVE-2013-2487 wireshark: Infinite loop in the RELOAD dissector (wnpa-sec-2013-21, upstream bug 8364) [A different flaw than CVE-2013-2486]↗2013-03-07