Уязвимость аварийного завершения работы в Wireshark из-за некорректного анализа пакетов IPMI
Описание
В Wireshark версий с 2.2.0 до 2.2.12 и с 2.4.0 до 2.4.4 диссектор IPMI мог вызвать аварийное завершение работы (crash). Эта проблема была решена в epan/dissectors/packet-ipmi-picmg.c путём добавления поддержки специально созданных пакетов, не содержащих заголовок IPMI.
Затронутые версии ПО
- Wireshark 2.2.0 до 2.2.12
- Wireshark 2.4.0 до 2.4.4
Тип уязвимости
Аварийное завершение работы
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector co ...
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header.
EPSS
7.5 High
CVSS3
5 Medium
CVSS2