Уязвимость аварийного завершения работы парсера файлов NetScaler в Wireshark при обработке поврежденного файла захвата
Описание
Уязвимость в Wireshark связана с аварийным завершением работы (crash) парсера файлов NetScaler, которое происходит при обработке некорректного файла захвата. Проблема была решена в файле wiretap/netscaler.c путем проверки соответствия между страницами и записями.
Затронутые версии ПО
- Wireshark версии с 2.2.0 по 2.2.4
- Wireshark версии с 2.0.0 по 2.0.10
Тип уязвимости
Аварийное завершение работы
Ссылки
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records.
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records.
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler ...
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records.
EPSS
7.5 High
CVSS3
5 Medium
CVSS2