Infinite loop vulnerability in the Bazaar protocol dissector in Wireshark
Description
An infinite-loop vulnerability was found in the Bazaar protocol dissector in Wireshark. The issue was resolved by correctly handling items that are too long in epan/dissectors/packet-bzr.c.
Affected software versions
- Wireshark 2.6.0 to 2.6.1
- Wireshark 2.4.0 to 2.4.7
- Wireshark 2.2.0 to 2.2.15
Vulnerability type
Infinite loop
EPSS
CVSS3: 7.5 High
CVSS2: 7.8 High
Related vulnerabilities
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
ELSA-2020-1047: wireshark security and bug fix update (MODERATE)