CVE-2013-4936NULL Pointer Dereference in Wireshark

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
1.1%
top 22.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WiresharkDebian Wireshark
Timeline
PublishedJul 30
Latest updateMay 17

Description

The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/wireshark< wireshark 1.10.1-1 (bookworm)
Debianwireshark/wireshark< 1.10.1-1+3

Patches

Patch: anonsvn.wireshark.orgPatch: bugs.wireshark.orgPatch: anonsvn.wireshark.org

🔴Vulnerability Details

2
GHSA
GHSA-8w88-rf2v-q634: The IsDFP_Frame function in plugins/profinet/packet-pn-rt2022-05-17
OSV
CVE-2013-4936: The IsDFP_Frame function in plugins/profinet/packet-pn-rt2013-07-30

📋Vendor Advisories

2
Red Hat
wireshark: DoS (NULL pointer dereference, crash) in the PROFINET Real-Time dissector (wnpa-sec-2013-53)2013-07-26
Debian
CVE-2013-4936: wireshark - The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real...2013

💬Community

2
Bugzilla
CVE-2013-4936 wireshark: DoS (NULL pointer dereference, crash) in the PROFINET Real-Time dissector (wnpa-sec-2013-53)2013-07-30
Bugzilla
wireshark: 17 CVEs fixed within 1.10.1 version [fedora-19]2013-07-30