Уязвимость аварийного завершения работы в протоколе DOCSIS в Wireshark из-за рекурсивного алгоритма в декодере пакетов
Описание
В Wireshark 2.4.0 до 2.4.4 в декодере протокола DOCSIS может происходить аварийное завершение работы из-за использования рекурсивного алгоритма при обработке связных PDU (Protocol Data Units).
Затронутые версии ПО
- Wireshark 2.4.0 - 2.4.4
Тип уязвимости
Аварийное завершение работы
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash ...
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs.
EPSS
7.5 High
CVSS3
5 Medium
CVSS2