CVE-2013-2488

Priority
Description
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6
does not validate the fragment offset before invoking the reassembly state
machine, which allows remote attackers to cause a denial of service
(application crash) via a large offset value that triggers write access to
an invalid memory location.
Notes
Package
Upstream: released (1.6.14, 1.8.6)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [1.10.6-1])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1.12.1+g01b65bf-2)
More Information

Updated: 2019-12-05 21:04:38 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)