CVE-2013-2481

Published: 07 March 2013

Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.

Priority

Medium

Status

Package Release Status
wireshark
Launchpad, Ubuntu, Debian
Upstream
Released (1.6.14, 1.8.6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1.12.1+g01b65bf-2)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1.10.6-1)
Patches:
Upstream: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47672