Crash vulnerability in Wireshark when processing RGMP packets
Description
A vulnerability in Wireshark allows the program to crash when processing RGMP packets. The problem is caused by missing validation of IPv4 addresses in the dissector code.
Affected software versions
- Wireshark versions 2.2.0 to 2.2.6
- Wireshark versions 2.0.0 to 2.0.12
Vulnerability type
Crash
Solution
The problem was fixed in epan/dissectors/packet-rgmp.c by validating IPv4 addresses.
EPSS
CVSS3: 7.5 High
CVSS2: 5 Medium
Related vulnerabilities
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.