{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2017:0631", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0631.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gmr1_bcch.c?r1=44674&r2=44673&pathrev=44674"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html"}, {"name": "53762", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53762"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664"}, {"name": "54425", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/54425"}, {"name": "GLSA-201308-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"}, {"name": "openSUSE-SU-2013:1086", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html"}, {"name": "DSA-2709", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2709"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.wireshark.org/security/wnpa-sec-2013-33.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44674"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726"}, {"name": "oval:org.mitre.oval:def:16859", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16859"}, {"name": "openSUSE-SU-2013:1084", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4075", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:0631", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0631.html"}, {"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gmr1_bcch.c?r1=44674&r2=44673&pathrev=44674", "refsource": "CONFIRM", "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gmr1_bcch.c?r1=44674&r2=44673&pathrev=44674"}, {"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html", "refsource": "CONFIRM", "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html"}, {"name": "53762", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53762"}, {"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664"}, {"name": "54425", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54425"}, {"name": "GLSA-201308-05", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"}, {"name": "openSUSE-SU-2013:1086", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html"}, {"name": "DSA-2709", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2709"}, {"name": "http://www.wireshark.org/security/wnpa-sec-2013-33.html", "refsource": "CONFIRM", "url": "http://www.wireshark.org/security/wnpa-sec-2013-33.html"}, {"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44674", "refsource": "CONFIRM", "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44674"}, {"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726", "refsource": "CONFIRM", "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726"}, {"name": "oval:org.mitre.oval:def:16859", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16859"}, {"name": "openSUSE-SU-2013:1084", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:30:50.025Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:0631", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0631.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gmr1_bcch.c?r1=44674&r2=44673&pathrev=44674"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html"}, {"name": "53762", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/53762"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664"}, {"name": "54425", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/54425"}, {"name": "GLSA-201308-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"}, {"name": "openSUSE-SU-2013:1086", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html"}, {"name": "DSA-2709", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2709"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.wireshark.org/security/wnpa-sec-2013-33.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44674"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726"}, {"name": "oval:org.mitre.oval:def:16859", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16859"}, {"name": "openSUSE-SU-2013:1084", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4075", "datePublished": "2013-06-09T21:00:00", "dateReserved": "2013-06-09T00:00:00", "dateUpdated": "2024-08-06T16:30:50.025Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "606DF728-1DA6-4989-B40A-44471CC677DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F824AE6B-B087-4C69-8F73-7B146920FC3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6702EAA1-7FBD-4755-B7C2-C2B3A1AFF142", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF6D1967-500E-4E96-A6D2-CE17EA839572", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E8400AD4-ECE9-4810-B559-D4EB03AECC50", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "424B66E9-56F8-4D87-94C6-80F5EA0BD1B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BD261DB-1794-473F-BAD9-E5B7771288BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "E1007895-7CC2-4C2D-BACB-BAE6DECDB840", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."}, {"lang": "es", "value": "epan/dissectors/packet-gmr1_bcch.c en el dissector GMR-1 BCCH en Wireshark v1.8.x anterior a v1.8.8 no inicializa correctamente memoria, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante un paquetes especialmente dise\u00f1ado."}], "id": "CVE-2013-4075", "lastModified": "2018-10-30T16:27:34.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-06-09T21:55:01.427", "references": [{"source": "cve@mitre.org", "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gmr1_bcch.c?r1=44674&r2=44673&pathrev=44674"}, {"source": "cve@mitre.org", "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44674"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0631.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/53762"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/54425"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2709"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html"}, {"source": "cve@mitre.org", "url": "http://www.wireshark.org/security/wnpa-sec-2013-33.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16859"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0631", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "wireshark-0:1.8.10-25.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-03-21T00:00:00Z"}], "bugzilla": {"description": "wireshark: DoS (crash) in the GMR-1 BCCH dissector (wnpa-sec-2013-33)", "id": "972680", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=972680"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.", "A flaw was found in GMR (Geo-Mobile Radio) 1 BCCH protocol dissector of wireshark which an attacker can trigger a denial of service attack and crash wireshark by sending a specially crafted packet onto the wire or by convincing wireshark user to read malformed packet trace file."], "name": "CVE-2013-4075", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-06-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4075\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4075\nhttp://www.wireshark.org/security/wnpa-sec-2013-33.html"], "statement": "Red Hat Product Security has rated this issue as having Low security impact for Red Hat Enterprise Linux 6. It does not affect the version of wireshark shipped with Red Hat Enterprise Linux 5. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "wireshark 1.8.8"}