Denial of Service Vulnerability in Wireshark by The Wireshark Foundation
CVE-2013-2478

Currently unrated

Key Information:

Vendor: Opensuse

CVE Published: 7 March 2013

What is CVE-2013-2478?

The dissect_server_info function in the MS-MMS dissector of Wireshark prior to specific versions fails to manage string lengths correctly. This oversight can allow remote attackers to initiate a denial of service by sending a malformed packet that either causes an integer overflow or incorporates embedded null characters within strings, leading to application crashes. Proper handling of input data is crucial for maintaining the stability and security of the application.
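
The following is an added example, not Wireshark's code and not part of the original entry: a C reader for a length-prefixed string that guards against the two failure modes named above, a length calculation that wraps and embedded NUL characters. The field layout (a 32-bit little-endian character count followed by 2-byte characters), the function name and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Assumed layout (not the MS-MMS wire format): 32-bit little-endian count of
 * 2-byte characters, followed by the characters themselves. */
enum { STR_OK = 0, STR_TRUNCATED = -1, STR_OVERFLOW = -2, STR_TOO_LONG = -3 };

/* Constructed samples: "A", an embedded NUL, "B"; and a count chosen so that
 * count * 2 wraps to 2 in 32-bit arithmetic. */
static const uint8_t sample_nul[]  = {3,0,0,0, 'A',0, 0,0, 'B',0};
static const uint8_t sample_wrap[] = {1,0,0,0x80, 'A',0};

/* Copies one counted string from buf into out as printable ASCII and stores
 * the number of input bytes used in *consumed. */
int read_counted_string(const uint8_t *buf, size_t buf_len,
                        char *out, size_t out_cap, size_t *consumed)
{
    if (buf_len < 4)
        return STR_TRUNCATED;
    uint32_t nchars = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                      (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    if (nchars > UINT32_MAX / 2)          /* byte length would wrap */
        return STR_OVERFLOW;
    size_t nbytes = (size_t)nchars * 2;
    if (nbytes > buf_len - 4)             /* claims more than the packet holds */
        return STR_TRUNCATED;
    if (nchars >= out_cap)                /* no room for text plus terminator */
        return STR_TOO_LONG;
    for (size_t i = 0; i < nchars; i++) {
        uint16_t u = (uint16_t)(buf[4 + 2 * i] | buf[5 + 2 * i] << 8);
        /* An embedded NUL must not shorten the string: the length stays
         * nchars, so map NUL and other non-printables to '.'. */
        out[i] = (u >= 0x20 && u < 0x7f) ? (char)u : '.';
    }
    out[nchars] = '\0';
    *consumed = 4 + nbytes;
    return STR_OK;
}

int main(void)
{
    char out[16];
    size_t used = 0;
    int rc = read_counted_string(sample_nul, sizeof sample_nul, out, sizeof out, &used);
    printf("%d \"%s\" %zu\n", rc, rc == STR_OK ? out : "", used);
    printf("%d\n", read_counted_string(sample_wrap, sizeof sample_wrap, out, sizeof out, &used));
    return 0;
}
```

Because the output length always equals the declared character count, later code that measures the copied string and code that trusts the declared length cannot disagree.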
