Описание
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
A denial of service vulnerability was found in Wireshark due to an infinite loop in the Bluetooth (BT) SDP dissector. Exploiting this flaw involves injecting a malformed packet onto the wire or enticing a victim to read a corrupted packet trace file, resulting in a crash of the BT SDP dissector. This issue may allow a remote attacker to perform a DoS attack by consuming all available system resources, leading to excessive CPU resource consumption.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wireshark | Out of support scope | ||
| Red Hat Enterprise Linux 7 | wireshark | Out of support scope | ||
| Red Hat Enterprise Linux 8 | wireshark | Will not fix | ||
| Red Hat Enterprise Linux 9 | wireshark | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | wireshark | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
Уязвимость анализатора трафика компьютерных сетей Wireshark, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3