Out-of-bounds read vulnerability in the DOF dissector in Wireshark
Description
In Wireshark versions 2.2.0 through 2.2.6, a vulnerability was found in the DOF dissector that allows data to be read past the end of a buffer.
Affected software versions
- Wireshark versions 2.2.0 through 2.2.6
Vulnerability type
Out-of-bounds read
Solution
The issue was fixed by validating a size value in the file epan/dissectors/packet-dof.c.
CVSS3: 7.5 High
CVSS2: 5 Medium