Crash vulnerability in Wireshark when processing "sigcomp" packets
Description
In Wireshark, the SIGCOMP dissector (epan/dissectors/packet-sigcomp.c) could crash the program. The issue was fixed by correcting the extraction of the length value.
Affected software versions
- Wireshark versions 2.2.0 through 2.2.12
- Wireshark versions 2.4.0 through 2.4.4
Vulnerability type
Crash (abnormal program termination)
References
- Third Party Advisory, VDB Entry
- Issue Tracking, Vendor Advisory
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
EPSS
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
Related vulnerabilities
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
ELSA-2020-1047: wireshark security and bug fix update (MODERATE)