CVE-2024-0210

Опубликовано: 03 янв. 2024

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

A flaw was found in the TLV dissector of Wireshark. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Отчет

Red Hat Enterprise Linux 6, 7, 8 and 9 are not affected by this CVE as they shipped an older version of Wireshark that did not include the vulnerable code.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	wireshark	Not affected
Red Hat Enterprise Linux 7	wireshark	Not affected
Red Hat Enterprise Linux 8	wireshark	Not affected
Red Hat Enterprise Linux 9	wireshark	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-674

https://bugzilla.redhat.com/show_bug.cgi?id=2256654wireshark: Zigbee TLV dissector crash via packet injection or crafted capture file

EPSS

Процентиль: 22%

0.00074

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-0210

CVSS3: 7.8

ubuntu

около 2 лет назад

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVE-2024-0210

CVSS3: 7.8

nvd

около 2 лет назад

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

CVE-2024-0210

CVSS3: 7.8

debian

около 2 лет назад

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service ...

GHSA-w5mm-9ffh-gjvj

CVSS3: 7.8

github

около 2 лет назад

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

SUSE-SU-2024:3165-1

suse-cvrf

больше 1 года назад

Security update for wireshark

EPSS

Процентиль: 22%

0.00074

Низкий

5.5 Medium

CVSS3