Описание
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
A flaw was found in Wireshark's FiveCo RAP dissector. This issue occurs when malformed packets are decoded from a pcap file or the network, causing an infinite loop and excessive consumption of CPU resources, resulting in a denial of service.
Отчет
This vulnerability will cause a crash in Wireshark with no other security impact. For this reason, this flaw has been rated with a moderate severity. Additionally, Wireshark as shipped in Red Hat Enterprise Linux 8 and 9 is not affected by this vulnerability because the FiveCo RAP protocol dissector was added in a newer version of Wireshark.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wireshark | Out of support scope | ||
| Red Hat Enterprise Linux 7 | wireshark | Out of support scope | ||
| Red Hat Enterprise Linux 8 | wireshark | Not affected | ||
| Red Hat Enterprise Linux 9 | wireshark | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2 ...
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
Уязвимость диссектора FiveCo RAP анализатора трафика компьютерных сетей Wireshark, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3