Candidate: CVE-2013-4082
PublicDate: 2013-06-09 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4082
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760
 http://www.wireshark.org/security/wnpa-sec-2013-40.html
 http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
 http://anonsvn.wireshark.org/viewvc?view=revision&revision=49739
 http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=49739&r2=49738&pathrev=49739
Description:
 The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser
 in Wireshark 1.8.x before 1.8.8 does not validate the relationship between
 a record length and a trailer length, which allows remote attackers to
 cause a denial of service (heap-based buffer overflow and application
 crash) via a crafted packet.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 


Patches_wireshark:
upstream_wireshark: needs-triage
lucid_wireshark: ignored (reached end-of-life)
precise_wireshark: not-affected (1.6.7-1)
quantal_wireshark: ignored (reached end-of-life)
raring_wireshark: released (1.8.2-5wheezy4build0.13.04.1)
saucy_wireshark: ignored (reached end-of-life)
trusty_wireshark: not-affected (1.10.6-1)
trusty/esm_wireshark: not-affected (1.10.6-1)
utopic_wireshark: not-affected (1.12.0+git+4fab41a1-1)
devel_wireshark: not-affected (1.12.1+g01b65bf-2)