Denial of Service Vulnerability in Wireshark by The Wireshark Foundation
CVE-2013-2478
Currently unrated
What is CVE-2013-2478?
The dissect_server_info function in the MS-MMS dissector of Wireshark prior to specific versions fails to manage string lengths correctly. This oversight can allow remote attackers to initiate a denial of service by sending a malformed packet that either causes an integer overflow or incorporates embedded null characters within strings, leading to application crashes. Proper handling of input data is crucial for maintaining the stability and security of the application.