CVE-2025-1492

Опубликовано: 20 фев. 2025

Источник: debian

EPSS Низкий

Описание

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
wireshark	fixed	4.4.4-1		package
wireshark	not-affected		bullseye	package

Примечания

Crash in CLI tool, no security impact
https://www.wireshark.org/security/wnpa-sec-2025-01.html
https://gitlab.com/wireshark/wireshark/-/issues/20373
CBOR Object Signing and Encryption (COSE) dissector introduced in 3.6.0rc0

EPSS

Процентиль: 6%

0.00028

Низкий

Связанные уязвимости

CVE-2025-1492

CVSS3: 7.8

ubuntu

6 месяцев назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

CVE-2025-1492

CVSS3: 5.5

redhat

6 месяцев назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

CVE-2025-1492

CVSS3: 7.8

nvd

6 месяцев назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

SUSE-SU-2025:0754-1

suse-cvrf

5 месяцев назад

Security update for wireshark

GHSA-hrqm-vf6v-j4gp

CVSS3: 7.8

github

6 месяцев назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

EPSS

Процентиль: 6%

0.00028

Низкий