Red Hat Bugzilla – Bug 1026539
CVE-2013-6338 wireshark: SIP dissector crash (wnpa-sec-2013-63)
Last modified: 2015-11-25 05:01:30 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6338 to
the following vulnerability:
The dissect_sip_common function in epan/dissectors/packet-sip.c in the
SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before
1.10.3 does not properly initialize a data structure, which allows
remote attackers to cause a denial of service (application crash) via
a crafted packet.
Created wireshark tracking bugs for this issue:
Affects: fedora-all [bug 1026546]
wireshark-1.10.3-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
wireshark-1.10.3-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
wireshark-1.10.3-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2014:0342 https://rhn.redhat.com/errata/RHSA-2014-0342.html