CVE-2020-9428

Опубликовано: 27 фев. 2020

Источник: debian

EPSS Низкий

Описание

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
wireshark	fixed	3.2.2-1		package
wireshark	fixed	2.6.20-0+deb10u1	buster	package
wireshark	not-affected		jessie	package

Примечания

https://www.wireshark.org/security/wnpa-sec-2020-05.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2

EPSS

Процентиль: 92%

0.08184

Низкий

Связанные уязвимости

CVE-2020-9428

CVSS3: 7.5

ubuntu

почти 6 лет назад

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

CVE-2020-9428

CVSS3: 7.5

redhat

почти 6 лет назад

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

CVE-2020-9428

CVSS3: 7.5

nvd

почти 6 лет назад

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

GHSA-q44r-xw3x-72c6

github

больше 3 лет назад

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

BDU:2022-00215

CVSS3: 7.5

fstec

почти 6 лет назад

Уязвимость программы для анализа трафика wireshark, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 92%

0.08184

Низкий