CVE-2024-4853

Published: May 14, 2024
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

Memory handling issue in editcap could cause denial of service via crafted capture file

A flaw was found in the editcap program distributed by Wireshark. A buffer over-read may be triggered when a crafted packet trace file is processed with the editcap program, causing an application crash and resulting in a denial of service.

Report

This flaw can only be triggered when the editcap program is used to process a crafted packet trace file.

Mitigation

Do not process untrusted packet trace files with the editcap program.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | wireshark | Not affected | | |
| Red Hat Enterprise Linux 6 | wireshark | Out of support scope | | |
| Red Hat Enterprise Linux 7 | wireshark | Out of support scope | | |
| Red Hat Enterprise Linux 8 | wireshark | Fix deferred | | |
| Red Hat Enterprise Linux 9 | wireshark | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-126
https://bugzilla.redhat.com/show_bug.cgi?id=2280718 wireshark: Editcap byte chopping crash

EPSS

Percentile: 17%
0.00056
Low

CVSS3

5.5 Medium

Related vulnerabilities

CVSS3: 3.6
ubuntu
more than 1 year ago

Memory handling issue in editcap could cause denial of service via crafted capture file

CVSS3: 3.6
nvd
more than 1 year ago

Memory handling issue in editcap could cause denial of service via crafted capture file

CVSS3: 3.6
msrc
5 months ago

No description available

CVSS3: 3.6
debian
more than 1 year ago

Memory handling issue in editcap could cause denial of service via cra ...

suse-cvrf
7 months ago

Security update for wireshark
