Wireshark NetScaler File Parser Infinite Loop Vulnerability
Description
Wireshark contains an infinite loop vulnerability in the NetScaler file parser, triggered when a malformed capture file is processed. The issue was addressed in wiretap/netscaler.c by validating record sizes.
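The bug class described above, as an added example (not Wireshark's code and not the NetScaler file format): a walker over a constructed length-prefixed record layout, first trusting the size field and then validating it. The record layout, the function names and the `max_steps` cap are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REC_HDR_LEN 4u /* constructed layout: u16 type, u16 size (LE); size covers the header */

static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Unvalidated walk: trusts the size field. max_steps exists only so the
 * demonstration terminates; -1 means the walk stopped making progress. */
static int walk_unchecked(const uint8_t *buf, size_t len, int max_steps)
{
    size_t off = 0;
    int n;
    for (n = 0; off + REC_HDR_LEN <= len; n++) {
        if (n == max_steps)
            return -1;                     /* would spin forever without the cap */
        off += rd_le16(buf + off + 2);     /* size 0 leaves off unchanged */
    }
    return n;
}

/* Validated walk: each size must cover the header and fit in the remaining
 * bytes, so off strictly increases and the loop is bounded by len. */
static int walk_checked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n;
    for (n = 0; len - off >= REC_HDR_LEN; n++) {
        size_t size = rd_le16(buf + off + 2);
        if (size < REC_HDR_LEN || size > len - off)
            return -2;                     /* malformed record: reject the file */
        off += size;
    }
    return n;
}

/* Constructed sample inputs: two records each; bad_file's second size is 0. */
static const uint8_t good_file[] = { 1,0, 6,0, 0xAA,0xBB,  2,0, 4,0 };
static const uint8_t bad_file[]  = { 1,0, 6,0, 0xAA,0xBB,  2,0, 0,0 };

int main(void)
{
    printf("bad file: unchecked=%d checked=%d\n",
           walk_unchecked(bad_file, sizeof bad_file, 1000),
           walk_checked(bad_file, sizeof bad_file));
    return 0;
}
```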
Affected software versions
- Wireshark 2.2.0 to 2.2.4
- Wireshark 2.0.0 to 2.0.10
Vulnerability type
Infinite loop
References
- Third Party Advisory
- Third Party Advisory, VDB Entry
- Issue Tracking, Patch, Vendor Advisory
- Vendor Advisory
CVSS3: 7.5 High
CVSS2: 5 Medium