CVE-2013-5721

2013-09-1613:01:00

CWE-20

[email protected]

web.nvd.nist.gov

wireshark

cve-2013-5721

security vulnerability

denial of service

application crash

nvd

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.5%

JSON

The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CPENameOperatorVersion
wireshark:wiresharkwiresharkeq1.8.6
wireshark:wiresharkwiresharkeq1.8.2
wireshark:wiresharkwiresharkeq1.8.9
wireshark:wiresharkwiresharkeq1.8.3
wireshark:wiresharkwiresharkeq1.10.0
wireshark:wiresharkwiresharkeq1.8.1
wireshark:wiresharkwiresharkeq1.10.1
wireshark:wiresharkwiresharkeq1.8.7
wireshark:wiresharkwiresharkeq1.8.0
wireshark:wiresharkwiresharkeq1.8.4

CPE	Name	Operator	Version
wireshark:wireshark	wireshark	eq	1.8.6
wireshark:wireshark	wireshark	eq	1.8.2
wireshark:wireshark	wireshark	eq	1.8.9
wireshark:wireshark	wireshark	eq	1.8.3
wireshark:wireshark	wireshark	eq	1.10.0
wireshark:wireshark	wireshark	eq	1.8.1
wireshark:wireshark	wireshark	eq	1.10.1
wireshark:wireshark	wireshark	eq	1.8.7
wireshark:wireshark	wireshark	eq	1.8.0
wireshark:wireshark	wireshark	eq	1.8.4