CVE-2020-26422

Опубликовано: 18 дек. 2020

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

Отчет

This flaw does not affect wireshark as shipped in Red Hat Enterprise Linux 5, 6, 7, or 8 because the affected code was introduced in a more recent version of wireshark than those shipped.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	wireshark	Not affected
Red Hat Enterprise Linux 6	wireshark	Not affected
Red Hat Enterprise Linux 7	wireshark	Not affected
Red Hat Enterprise Linux 8	wireshark	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20->CWE-121->CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1909799wireshark: QUIC dissector crash (wnpa-sec-2020-20)

EPSS

Процентиль: 53%

0.00306

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-26422

CVSS3: 3.7

ubuntu

около 5 лет назад

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

CVE-2020-26422

CVSS3: 3.7

nvd

около 5 лет назад

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

CVE-2020-26422

CVSS3: 3.7

debian

около 5 лет назад

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows d ...

GHSA-f986-fpv9-3cm7

CVSS3: 5.3

github

больше 3 лет назад

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

openSUSE-SU-2021:2125-1

suse-cvrf

больше 4 лет назад

Security update for wireshark

EPSS

Процентиль: 53%

0.00306

Низкий

7.5 High

CVSS3