CVE-2023-0412

Опубликовано: 27 янв. 2023

Источник: redhat

CVSS3: 7.1

EPSS Низкий

Описание

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

A flaw was found in the TIPC dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an out-of-bounds read, resulting in a Denial of Service.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	wireshark	Out of support scope
Red Hat Enterprise Linux 7	wireshark	Out of support scope
Red Hat Enterprise Linux 8	wireshark	Will not fix
Red Hat Enterprise Linux 9	wireshark	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-674->CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2165841wireshark: TIPC dissector crash

EPSS

Процентиль: 39%

0.00179

Низкий

7.1 High

CVSS3

Связанные уязвимости

CVE-2023-0412

CVSS3: 6.3

ubuntu

около 3 лет назад

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVE-2023-0412

CVSS3: 6.3

nvd

около 3 лет назад

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVE-2023-0412

CVSS3: 6.3

debian

около 3 лет назад

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 a ...

GHSA-9c8m-hmqf-mhq2

CVSS3: 6.5

github

около 3 лет назад

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

SUSE-SU-2023:0343-1

suse-cvrf

почти 3 года назад

Security update for wireshark

EPSS

Процентиль: 39%

0.00179

Низкий

7.1 High

CVSS3