CVE-2013-5717 — Improper Input Validation in Wireshark

CWE-20 — Improper Input Validation7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 57.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedSep 16

Latest updateMay 14

Description

The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 1.10.2-1 (bookworm)

▶Debianwireshark/wireshark< 1.10.2-1+3

▶NVDwireshark/wireshark1.10.0, 1.10.1+1

Patches

Patch: anonsvn.wireshark.org ↗Patch: bugs.wireshark.org ↗Patch: www.wireshark.org ↗

🔴Vulnerability Details

GHSA

GHSA-7hvc-9p8r-gwvm: The Bluetooth HCI ACL dissector in Wireshark 1↗2022-05-14

▶

OSV

CVE-2013-5717: The Bluetooth HCI ACL dissector in Wireshark 1↗2013-09-16

▶

📋Vendor Advisories

Red Hat

wireshark: Bluetooth HCI ACL dissector crash (wnpa-sec-2013-54, upstream bug 8827)↗2013-09-10

▶

Debian

CVE-2013-5717: wireshark - The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not prope...↗2013

▶

💬Community

Bugzilla

CVE-2013-5717 wireshark: Bluetooth HCI ACL dissector crash (wnpa-sec-2013-54, upstream bug 8827)↗2013-09-12

▶

Bugzilla

CVE-2013-5717 wireshark: Bluetooth HCI ACL dissector crash (wnpa-sec-2013-54, upstream bug 8827) [fedora-19]↗2013-09-12

▶