Уязвимость бесконечного зацикливания DICOM-диссектора в Wireshark из-за некорректной обработки смещения
Описание
В Wireshark, при помощи диссектора DICOM, злоумышленники могли заставить систему перейти в большое или бесконечное зацикливание. Проблема была устранена в epan/dissectors/packet-dcm.c путём предотвращения переполнения смещения.
Затронутые версии ПО
- Wireshark 2.6.0 до 2.6.1
- Wireshark 2.4.0 до 2.4.7
- Wireshark 2.2.0 до 2.2.15
Тип уязвимости
Бесконечное или большое зацикливание
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
Связанные уязвимости
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
ELSA-2020-1047: wireshark security and bug fix update (MODERATE)
EPSS
7.5 High
CVSS3
7.8 High
CVSS2