Описание
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| wireshark | fixed | 4.0.6-1~exp1 | experimental | package |
| wireshark | fixed | 4.0.6-1 | package | |
| wireshark | not-affected | buster | package |
Примечания
https://www.wireshark.org/security/wnpa-sec-2023-18.html
https://gitlab.com/wireshark/wireshark/-/issues/19085
Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/77d94aea243c3eca2be4749fce3145218fdf8b29 (v3.3.0)
EPSS
Связанные уязвимости
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
EPSS