Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-v96u-cjam-f3dx
Vulnerability ID VCID-v96u-cjam-f3dx
Aliases CVE-2013-4074
Summary Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service.
Status Published
Exploitability 2.0
Weighted Severity 4.5
Risk 9.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-189 Numeric Errors
System Score Found at
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2013-4074
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2013-4074
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2013-4074
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2013-4074
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2013-4074
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2013-4074
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2013-4074
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2013-4074
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2013-4074
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-4074
Reference id Reference type URL
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-capwap.c?r1=43716&r2=43715&pathrev=43716
http://anonsvn.wireshark.org/viewvc?view=revision&revision=43716
http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html
http://osvdb.org/show/osvdb/94091
http://packetstormsecurity.com/files/126848/Wireshark-CAPWAP-Dissector-Denial-Of-Service.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4074.json
https://api.first.org/data/v1/epss?cve=CVE-2013-4074
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083
http://secunia.com/advisories/53762
http://secunia.com/advisories/54425
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16698
http://www.debian.org/security/2013/dsa-2709
http://www.exploit-db.com/exploits/33556
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:172
http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html
http://www.wireshark.org/security/wnpa-sec-2013-32.html
711918 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711918
972679 https://bugzilla.redhat.com/show_bug.cgi?id=972679
cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.11:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.12:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.13:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.14:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.15:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.6.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wireshark:wireshark:1.8.7:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
CVE-2013-4074 https://nvd.nist.gov/vuln/detail/CVE-2013-4074
CVE-2013-4074;OSVDB-94091 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33556.rb
GLSA-201308-05 https://security.gentoo.org/glsa/201308-05
Data source Exploit-DB
Date added May 28, 2014
Description Wireshark CAPWAP Dissector - Denial of Service (Metasploit)
Ransomware campaign use Known
Source publication date May 28, 2014
Exploit type dos
Platform multiple
Source update date May 28, 2014
Data source Metasploit
Description This module injects a malformed UDP packet to crash Wireshark and TShark 1.8.0 to 1.8.7, as well as 1.6.0 to 1.6.15. The vulnerability exists in the CAPWAP dissector which fails to handle a packet correctly when an incorrect length is given.
Note 
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source publication date April 28, 2014
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/wireshark/capwap.rb
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-4074
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96824
EPSS Score 0.32457
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:19.643221+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201308-05 38.0.0