PT-2013-3820 · Wireshark+1

Published 2013-03-07 · Updated 2024-06-15 · CVE-2013-2487

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Wireshark versions 1.8.x through 1.8.5

Description

The REsource LOcation And Discovery (RELOAD) dissector in Wireshark uses incorrect integer data types. This allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. The affected functions are dissect_icecandidates, dissect_kinddata, dissect_nodeid_list, dissect_storeans, dissect_storereq, dissect_storeddataspecifier, dissect_fetchreq, dissect_findans, dissect_diagnosticinfo, dissect_diagnosticresponse, dissect_reload_messagecontents, and dissect_reload_message.

Recommendations

For Wireshark versions 1.8.x through 1.8.5, update to version 1.8.6 or later to resolve the issue. As a temporary workaround, consider disabling the affected dissector functions until the update can be applied. Restrict access to the vulnerable epan/dissectors/packet-reload.c module to minimize the risk of exploitation. Avoid using crafted integer values in packets to prevent denial of service attacks.
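
The bug class named in the description, as an added illustration (not Wireshark's code and not the RELOAD wire format): a list parser whose offset variable is narrower than the declared length it is compared against never terminates once that length exceeds the offset's range. The length-prefixed element layout, the function names and the sample buffer are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STEP_LIMIT 200000L  /* demo guard so the flawed loop can return */

/* Constructed input: 70000 zero bytes = 35000 empty elements, each a
 * 2-byte big-endian length prefix followed by that many data bytes. */
static uint8_t sample[70000];

/* Flawed pattern: a 32-bit declared length walked with a 16-bit offset. */
long count_elems_narrow(const uint8_t *buf, uint32_t list_len)
{
    uint16_t off = 0;
    long n = 0;
    while (off < list_len) {
        uint16_t elen = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        off = (uint16_t)(off + 2 + elen);  /* wraps to 0 past 65535 */
        if (++n >= STEP_LIMIT)
            return -1;                     /* would otherwise spin forever */
    }
    return n;
}

/* Hardened pattern: offset as wide as the length, every step validated. */
long count_elems_wide(const uint8_t *buf, size_t buf_len, uint32_t list_len)
{
    uint32_t off = 0;
    long n = 0;
    if (list_len > buf_len)
        return -2;                         /* declared length exceeds data */
    while (off < list_len) {
        if (list_len - off < 2)
            return -2;                     /* truncated length prefix */
        uint32_t elen = ((uint32_t)buf[off] << 8) | buf[off + 1];
        if (elen > list_len - off - 2)
            return -2;                     /* element overruns the list */
        off += 2 + elen;                   /* advances, cannot pass list_len */
        n++;
    }
    return n;
}

int main(void)
{
    printf("narrow: %ld\n", count_elems_narrow(sample, 70000));
    printf("wide:   %ld\n", count_elems_wide(sample, sizeof sample, 70000));
    return 0;
}
```

The narrow version only returns because of the demo step limit; a dissector loop without such a guard would hang the process, which matches the availability-only impact in the CVSS vector.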

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2013-2487
DLA-497-1
MGASA-2013-0168
OPENSUSE-SU-2024:10199-1
SUSE-SU-2015:0426-1
SUSE-SU-2015:0653-1
SUSE-SU-2015:1098-1

Affected Products

Suse
Wireshark