Wireshark CoAP protocol dissector crash vulnerability
Description
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, a vulnerability was found that causes the CoAP protocol dissector to crash. The crash was caused by a missing NULL check in epan/dissectors/packet-coap.c.
Affected software versions
- Wireshark 2.6.0 to 2.6.1
- Wireshark 2.4.0 to 2.4.7
Vulnerability type
Abnormal termination (crash)
References
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
- Issue Tracking, Vendor Advisory
- Vendor Advisory
Vulnerable configurations
One of
EPSS
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
Related vulnerabilities
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.