CVE-2025-1492

Опубликовано: 20 фев. 2025

Источник: debian

EPSS Низкий

Описание

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
wireshark	fixed	4.4.4-1		package
wireshark	not-affected		bullseye	package

Примечания

Crash in CLI tool, no security impact
https://www.wireshark.org/security/wnpa-sec-2025-01.html
https://gitlab.com/wireshark/wireshark/-/issues/20373
CBOR Object Signing and Encryption (COSE) dissector introduced in 3.6.0rc0

EPSS

Процентиль: 5%

0.00021

Низкий

Связанные уязвимости

CVE-2025-1492

CVSS3: 7.8

ubuntu

10 месяцев назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

CVE-2025-1492

CVSS3: 7.5

redhat

10 месяцев назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

CVE-2025-1492

CVSS3: 7.8

nvd

10 месяцев назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

SUSE-SU-2025:0754-1

suse-cvrf

10 месяцев назад

Security update for wireshark

RLSA-2025:9121

rocky

3 месяца назад

Moderate: wireshark security update

EPSS

Процентиль: 5%

0.00021

Низкий