CVE-2021-4182

Опубликовано: 29 дек. 2021

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

A parser infinite-loop flaw was found in wireshark. An attacker with local network access could pass specially crafted capture files causing an application to halt, crash, or infinite loop.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	wireshark	Not affected
Red Hat Enterprise Linux 7	wireshark	Not affected
Red Hat Enterprise Linux 8	wireshark	Not affected
Red Hat Enterprise Linux 9	wireshark	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=2039005wireshark: RFC 7468 file parser infinite loop

EPSS

Процентиль: 13%

0.00042

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-4182

CVSS3: 7.5

ubuntu

около 4 лет назад

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

CVE-2021-4182

CVSS3: 7.5

nvd

около 4 лет назад

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

CVE-2021-4182

CVSS3: 7.5

msrc

около 4 лет назад

Описание отсутствует

CVE-2021-4182

CVSS3: 7.5

debian

около 4 лет назад

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...

GHSA-3hwx-vc7v-fw2m

CVSS3: 7.5

github

около 4 лет назад

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

EPSS

Процентиль: 13%

0.00042

Низкий

7.5 High

CVSS3