CVE - CVE-2013-4081

CVE-ID
CVE-2013-4081	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:60505 URL:http://www.securityfocus.com/bid/60505 CONFIRM:http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-http.c?r1=49623&r2=49622&pathrev=49623 CONFIRM:http://anonsvn.wireshark.org/viewvc?view=revision&revision=49623 CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html CONFIRM:http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html CONFIRM:http://www.wireshark.org/security/wnpa-sec-2013-39.html CONFIRM:https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733 DEBIAN:DSA-2709 URL:http://www.debian.org/security/2013/dsa-2709 GENTOO:GLSA-201308-05 URL:http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml MANDRIVA:MDVSA-2013:172 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2013:172~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:16820 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16820 REDHAT:RHSA-2014:0341 URL:http://rhn.redhat.com/errata/RHSA-2014-0341.html SECUNIA:53762 URL:http://secunia.com/advisories/53762 SECUNIA:54425 URL:http://secunia.com/advisories/54425 SUSE:openSUSE-SU-2013:1084 URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html SUSE:openSUSE-SU-2013:1086 URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
Assigning CNA
MITRE Corporation
Date Record Created
20130609	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130609)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)