Description
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file
A heap-based buffer overflow was found in Wireshark's NetScreen file parser. This issue may allow local arbitrary code execution via a crafted capture file.
Statement
Although arbitrary code execution may be possible, default memory protections in Red Hat Enterprise Linux should prevent this flaw from causing a higher impact than an application crash. Wireshark is not an application that runs with elevated privileges, limiting the exploitability and impact of this issue to the user's context. Therefore, the severity score is set to Moderate.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | wireshark | Out of support scope | | |
Red Hat Enterprise Linux 7 | wireshark | Out of support scope | | |
Red Hat Enterprise Linux 8 | wireshark | Will not fix | | |
Red Hat Enterprise Linux 9 | wireshark | Will not fix | | |
Additional information
Status:
6.6 Medium
CVSS3