CVE-2013-4074
published 2013-06-09
Priority: P3 · 42 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 60.64% (99.0th percentile)
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | wireshark | < wireshark 1.10.0-1 (bookworm) | wireshark 1.10.0-1 (bookworm) |
| opensuse | opensuse | — | — |
| wireshark | wireshark | — | — |
Detection & IOCs
- Monitor for anomalously short (19-byte) UDP datagrams destined to port 5247 (CAPWAP data channel) that carry an incomplete CAPWAP payload, as this is the exploit delivery mechanism.
- Affected Wireshark versions are 1.6.0–1.6.15 and 1.8.0–1.8.7; presence of these versions on a host receiving CAPWAP traffic on UDP/5247 indicates exposure.
- The exploit only triggers the vulnerability if Wireshark is actively capturing/dissecting traffic on the interface receiving the crafted UDP packet; passive capture must be running for the crash to occur.
- Red Hat Enterprise Linux 5 and 6 ship a version of Wireshark without CAPWAP dissector support and are therefore not affected, reducing the detection priority on those platforms.
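The first two checks in the list above, as an added Python example that is not part of the original page or of any vendor advisory: `is_affected` tests a version string against the affected ranges, and `is_suspect` flags unfragmented IPv4/UDP packets to port 5247 with a 19-byte payload. Reading "19-byte" as the UDP payload length is an assumption, as are all function names; the sample packets are constructed and carry a zero-filled payload.

```python
import re
import struct

CAPWAP_DATA_PORT = 5247   # CAPWAP data channel, per the page
SUSPECT_PAYLOAD_LEN = 19  # per the page; read as UDP payload bytes (assumption)
# Last affected patch level per release series: 1.6.0-1.6.15 and 1.8.0-1.8.7
LAST_AFFECTED = {(1, 6): 15, (1, 8): 7}


def is_affected(version):
    """True if a Wireshark/TShark version string is in an affected range."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return False
    major, minor, patch = map(int, m.groups())
    last = LAST_AFFECTED.get((major, minor))
    return last is not None and patch <= last


def udp_info(ip_packet):
    """Return (dst_port, payload_len) for an unfragmented IPv4/UDP packet, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack_from("!HHH", ip_packet, 2)
    if ihl < 20 or ip_packet[9] != 17 or frag & 0x3FFF:  # not UDP, or a fragment
        return None
    end = min(total_len, len(ip_packet))  # ignore link-layer padding
    if end < ihl + 8:
        return None
    dst_port = struct.unpack_from("!H", ip_packet, ihl + 2)[0]
    return dst_port, end - ihl - 8


def is_suspect(ip_packet):
    """Flag the short CAPWAP data datagram described in the detection notes."""
    return udp_info(ip_packet) == (CAPWAP_DATA_PORT, SUSPECT_PAYLOAD_LEN)


def sample_packet(dst_port, payload):
    """Constructed IPv4/UDP packet for the demo (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + udp


if __name__ == "__main__":
    print([is_suspect(sample_packet(p, bytes(n))) for p, n in [(5247, 19), (5247, 120), (53, 19)]])
    print([is_affected(v) for v in ["1.6.15", "1.6.16", "1.8.7", "1.8.8"]])
```

A match on a distribution package version does not account for backported fixes, so confirm against the vendor status listed on this page.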
CVSS provenance
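| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |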
Red Hat
wireshark: DoS (crash) in the CAPWAP dissector (wnpa-sec-2013-32)
vendor_redhat·2013-06-07·CVSS 5.0
Statement: Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.
Package: wireshark (Red Hat Enterprise Linux 5) - Not affected
Package: wireshark (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2013-4074: wireshark - The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWA...
vendor_debian·2013·CVSS 5.0
Scope: local
bookworm: resolved (fixed in 1.10.0-1)
bullseye: resolved (fixed in 1.10.0-1)
forky: resolved (fixed in 1.10.0-1)
sid: resolved (fixed in 1.10.0-1)
trixie: resolved (fixed in 1.10.0-1)
GHSA
GHSA-xp6r-3p5r-p29g: The dissect_capwap_data function in epan/dissectors/packet-capwap
ghsa_unreviewed·2022-05-14
OSV
CVE-2013-4074: The dissect_capwap_data function in epan/dissectors/packet-capwap
osv·2013-06-09·CVSS 5.0
No detection rules found.
Exploit-DB
Wireshark CAPWAP Dissector - Denial of Service (Metasploit)
exploitdb·2014-05-28
---
```ruby
#
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Wireshark CAPWAP Dissector DoS',
      'Description' => %q{
        This module inject a malicious udp packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0
        to 1.6.15. The vulnerability exists in the capwap dissector which fails to handle an
        incomplete packet.
      },
      'License' => MSF_LICENSE,
      'Author' =>
        [
          'Laurent Butti', # Discovery vulnerability
          'j0sm1' # Auxiliary msf module
        ],
      'References' =>
        [
          ['CVE', '2013-4074'],
          ['OSVDB', '94091'],
          ['BID', '60500']
        ],
      'DisclosureDate' => 'Apr 28 2014'))
    # Protocol capwap needs port 5247 to trigger the dissector in wireshark
    regist
```
Metasploit
Wireshark CAPWAP Dissector DoS
metasploit
This module injects a malformed UDP packet to crash Wireshark and TShark 1.8.0 to 1.8.7, as well as 1.6.0 to 1.6.15. The vulnerability exists in the CAPWAP dissector which fails to handle a packet correctly when an incorrect length is given.
Bugzilla
CVE-2013-4074 CVE-2013-4076 CVE-2013-4080 CVE-2013-4081 CVE-2013-4083 wireshark various flaws [fedora-17]
bugzilla·2013-06-10·CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Bugzilla
CVE-2013-4074 CVE-2013-4075 CVE-2013-4076 CVE-2013-4077 CVE-2013-4078 CVE-2013-4079 CVE-2013-4080 CVE-2013-4081 CVE-2013-4082 CVE-2013-4083 wireshark various flaws [fedora-18]
bugzilla·2013-06-10·CVSS 5.0
Bugzilla
CVE-2013-4074 wireshark: DoS (crash) in the CAPWAP dissector (wnpa-sec-2013-32)
bugzilla·2013-06-10·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4074 to the following vulnerability:
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
References:
[1] http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-capwap.c?r1=43716&r2=43715&pathrev=43716
[2] http://anonsvn.wireshark.org/viewvc?view=revision&revision=43716
[3] http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
[4] http://www.wireshark.org/docs/relnot
References
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-capwap.c?r1=43716&r2=43715&pathrev=43716
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=43716
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
- http://osvdb.org/show/osvdb/94091
- http://packetstormsecurity.com/files/126848/Wireshark-CAPWAP-Dissector-Denial-Of-Service.html
- http://secunia.com/advisories/53762
- http://secunia.com/advisories/54425
- http://www.debian.org/security/2013/dsa-2709
- http://www.exploit-db.com/exploits/33556
- http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:172
- http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
- http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
- http://www.wireshark.org/security/wnpa-sec-2013-32.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16698