CVE-2024-0207

Опубликовано: 03 янв. 2024

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

A flaw was found in the HTTP3 dissector of Wireshark. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Отчет

Red Hat Enterprise Linux 6, 7, 8 and 9 are not affected by this CVE as they shipped an older version of Wireshark that did not include the vulnerable code.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	wireshark	Not affected
Red Hat Enterprise Linux 7	wireshark	Not affected
Red Hat Enterprise Linux 8	wireshark	Not affected
Red Hat Enterprise Linux 9	wireshark	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2256661wireshark: HTTP3 dissector crash via packet injection or crafted capture file

EPSS

Процентиль: 20%

0.00063

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-0207

CVSS3: 7.8

ubuntu

около 2 лет назад

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVE-2024-0207

CVSS3: 7.8

nvd

около 2 лет назад

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVE-2024-0207

CVSS3: 7.8

debian

около 2 лет назад

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via ...

GHSA-5qqv-6f97-m7hw

CVSS3: 7.8

github

около 2 лет назад

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

SUSE-SU-2024:3165-1

suse-cvrf

больше 1 года назад

Security update for wireshark

EPSS

Процентиль: 20%

0.00063

Низкий

5.5 Medium

CVSS3