Description
ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
A flaw was found in the ISO 15765 and ISO 10681 dissectors of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an out-of-bounds write, resulting in a Denial of Service and limited memory corruption.
Report
The ISO 10681 dissector is not available in Wireshark as shipped with Red Hat Enterprise Linux 8 and 9, but the ISO 15765 dissector is available in Wireshark as shipped with all versions of Red Hat Enterprise Linux.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wireshark | Out of support scope | | |
| Red Hat Enterprise Linux 7 | wireshark | Out of support scope | | |
| Red Hat Enterprise Linux 8 | wireshark | Will not fix | | |
| Red Hat Enterprise Linux 9 | wireshark | Will not fix | | |
Additional information
Status:
EPSS
7.1 High
CVSS3