Red Hat Bugzilla – Bug 1026538
CVE-2013-6337 wireshark: NBAP dissector crash (wnpa-sec-2013-62)
Last modified: 2015-11-25 05:01:24 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6337 to
the following vulnerability:
Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x
before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to
cause a denial of service (application crash) via a crafted packet.
Created wireshark tracking bugs for this issue:
Affects: fedora-all [bug 1026546]
wireshark-1.10.3-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
wireshark-1.10.3-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
wireshark-1.10.3-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Looking at the commits made to packet-nbap.c (specially because the bug continues to be private), it seems this should roughly match the following:
This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2014:0342 https://rhn.redhat.com/errata/RHSA-2014-0342.html