Уязвимость бесконечного цикла в диссекторе Bazaar в Wireshark
Описание
В версиях Wireshark 2.2.0 до 2.2.6 и 2.0.0 до 2.0.12 была обнаружена уязвимость, связанная с возможностью попадания в бесконечный цикл диссектора Bazaar. Эта проблема была решена в файле epan/dissectors/packet-bzr.c путём обеспечения невозможности обратного парсинга.
Затронутые версии ПО
- Wireshark 2.2.0 до 2.2.6
- Wireshark 2.0.0 до 2.0.12
Тип уязвимости
Бесконечный цикл (infinite loop)
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
Связанные уязвимости
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector ...
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
EPSS
7.5 High
CVSS3
7.8 High
CVSS2