Memory corruption and crash vulnerability in Wireshark caused by the openSAFETY dissector
Description
Wireshark may crash or exhaust system memory when the openSAFETY dissector is used. The cause is incorrect handling of negative length values in packet-opensafety.c.
Affected software versions
- Wireshark 2.2.0 to 2.2.6
- Wireshark 2.0.0 to 2.0.12
Vulnerability type
- Memory corruption
- Crash
Solution
epan/dissectors/packet-opensafety.c was changed to check for a negative length.
CVSS3: 7.5 High
CVSS2: 7.8 High