CVE-2025-1492

Опубликовано: 20 фев. 2025

Источник: debian

Описание

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
wireshark	fixed	4.4.4-1		package
wireshark	not-affected		bullseye	package

Примечания

Crash in CLI tool, no security impact
https://www.wireshark.org/security/wnpa-sec-2025-01.html
https://gitlab.com/wireshark/wireshark/-/issues/20373
CBOR Object Signing and Encryption (COSE) dissector introduced in 3.6.0rc0

Связанные уязвимости

CVE-2025-1492

CVSS3: 7.8

ubuntu

12 месяцев назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

CVE-2025-1492

CVSS3: 7.5

redhat

12 месяцев назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

CVE-2025-1492

CVSS3: 7.8

nvd

12 месяцев назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

SUSE-SU-2025:0754-1

suse-cvrf

11 месяцев назад

Security update for wireshark

RLSA-2025:9121

rocky

4 месяца назад

Moderate: wireshark security update