Уязвимость бесконечного цикла в диссекторе SoulSeek в Wireshark при обработке пакетов
Описание
В Wireshark версиях с 2.2.0 по 2.2.6 и с 2.0.0 по 2.0.12 уязвимость в диссекторе SoulSeek могла привести к переходу в бесконечный цикл. Это было устранено в файле epan/dissectors/packet-slsk.c путём уточнения границ цикла.
Затронутые версии ПО
- Wireshark 2.2.0 - 2.2.6
- Wireshark 2.0.0 - 2.0.12
Тип уязвимости
Бесконечный цикл
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
Связанные уязвимости
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissecto ...
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
EPSS
7.5 High
CVSS3
7.8 High
CVSS2