CVE-2013-2488

Name of the Vulnerable Software and Affected Versions Wireshark versions 1.6.x through 1.6.13 Wireshark versions 1.8.x through 1.8.5

Description The issue concerns the DTLS dissector in Wireshark, which fails to validate the fragment offset before invoking the reassembly state machine. This allows remote attackers to cause a denial of service, resulting in an application crash, by providing a large offset value that triggers write access to an invalid memory location.

Recommendations For Wireshark versions 1.6.x through 1.6.13, update to version 1.6.14 or later. For Wireshark versions 1.8.x through 1.8.5, update to version 1.8.6 or later.