{
  "threat_severity" : "Low",
  "public_date" : "2013-06-07T00:00:00Z",
  "bugzilla" : {
    "description" : "wireshark: DoS (crash) in the GMR-1 BCCH dissector (wnpa-sec-2013-33)",
    "id" : "972680",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=972680"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "details" : [ "epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.", "A flaw was found in GMR (Geo-Mobile Radio) 1 BCCH protocol dissector of wireshark which an attacker can trigger a denial of service attack and crash wireshark by sending a specially crafted packet onto the wire or by convincing wireshark user to read malformed packet trace file." ],
  "statement" : "Red Hat Product Security has rated this issue as having Low security impact for Red Hat Enterprise Linux 6.  It does not affect the version of wireshark shipped with Red Hat Enterprise Linux 5.  This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2017-03-21T00:00:00Z",
    "advisory" : "RHSA-2017:0631",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "wireshark-0:1.8.10-25.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-4075\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4075\nhttp://www.wireshark.org/security/wnpa-sec-2013-33.html" ],
  "name" : "CVE-2013-4075",
  "csaw" : false
}