Описание
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
A memory leak was discovered in Wireshark while decoding packets captured in a pcap file or coming from the network. Multiple packet dissectors are potentially affected by this issue. A remote attacker may abuse this flaw by sending specially crafted packets that, when processed, would make Wireshark consume excessive CPU resources resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Отчет
This issue does not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8, as the vulnerable code was introduced in a newer version of the package.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wireshark | Not affected | ||
| Red Hat Enterprise Linux 7 | wireshark | Not affected | ||
| Red Hat Enterprise Linux 8 | wireshark | Not affected | ||
| Red Hat Enterprise Linux 9 | wireshark | Not affected |
Показывать по
Дополнительная информация
Статус:
5.9 Medium
CVSS3
Связанные уязвимости
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial ...
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
5.9 Medium
CVSS3