Описание
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
A denial of service vulnerability was found in Wireshark due to insufficient validation of user-supplied input in the CBOR protocol dissector. This issue could allow a remote attacker to inject a malformed packet onto the wire or persuade someone to read a corrupted packet trace file. The issue manifests as an uncontrolled recursion loop leading to a stack overflow, resulting in Wireshark crashing.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wireshark | Out of support scope | ||
| Red Hat Enterprise Linux 7 | wireshark | Out of support scope | ||
| Red Hat Enterprise Linux 8 | wireshark | Will not fix | ||
| Red Hat Enterprise Linux 9 | wireshark | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | wireshark | Not affected |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Уязвимость анализатора трафика компьютерных сетей Wireshark, вызванная неконтролируемой рекурсией, позволяющая нарушителю вызвать отказ в обслуживании
6.5 Medium
CVSS3