CVE-2025-1492

Опубликовано: 20 фев. 2025

Источник: debian

EPSS Низкий

Описание

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
wireshark	fixed	4.4.4-1		package
wireshark	no-dsa		bookworm	package
wireshark	not-affected		bullseye	package

Примечания

https://www.wireshark.org/security/wnpa-sec-2025-01.html
https://gitlab.com/wireshark/wireshark/-/issues/20373
CBOR Object Signing and Encryption (COSE) dissector introduced in 3.6.0rc0

EPSS

Процентиль: 16%

0.0005

Низкий

Связанные уязвимости

CVE-2025-1492

CVSS3: 7.8

ubuntu

около 1 года назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

CVE-2025-1492

CVSS3: 7.5

redhat

около 1 года назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

CVE-2025-1492

CVSS3: 7.8

nvd

около 1 года назад

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

SUSE-SU-2025:0754-1

suse-cvrf

около 1 года назад

Security update for wireshark

RLSA-2025:9121

rocky

6 месяцев назад

Moderate: wireshark security update

EPSS

Процентиль: 16%

0.0005

Низкий