Уязвимость бесконечного цикла в диссекторе DNS в Wireshark
Описание
В Wireshark была обнаружена уязвимость, при которой диссектор DNS мог впадать в бесконечный цикл. Эта проблема была решена в epan/dissectors/packet-dns.c путем попытки обнаружить самоссылающиеся указатели.
Затронутые версии ПО
- Wireshark версии 2.2.0 до 2.2.6
- Wireshark версии 2.0.0 до 2.0.12
Тип уязвимости
Бесконечный цикл
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
Связанные уязвимости
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector cou ...
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
EPSS
7.5 High
CVSS3
7.8 High
CVSS2