CVE-2013-4081 (retired)

The http_payload_subdissector function in epan/dissectors/packet-http.c in
the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8
does not properly determine when to use a recursive approach, which allows
remote attackers to cause a denial of service (stack consumption) via a
crafted packet.
Upstream:released (1.6.16, 1.8.8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.10.6-1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.12.1+g01b65bf-2)
More Information

Updated: 2019-03-26 12:09:21 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)