Описание
Use after free issue in editcap could cause denial of service via crafted capture file
A flaw was found in the editcap program distributed by Wireshark. A use-after-free may be triggered when a crafted packet trace file is processed with the editcap program using the --inject-secrets command line option, causing an application crash and resulting in a denial of service.
Отчет
This flaw can only be triggered when the editcap program is used to process a crafted packet trace file with the --inject-secrets command line option.
Меры по смягчению последствий
Do not process untrusted packet trace files with the editcap program.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | wireshark | Not affected | ||
| Red Hat Enterprise Linux 6 | wireshark | Out of support scope | ||
| Red Hat Enterprise Linux 7 | wireshark | Out of support scope | ||
| Red Hat Enterprise Linux 8 | wireshark | Fix deferred | ||
| Red Hat Enterprise Linux 9 | wireshark | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Use after free issue in editcap could cause denial of service via crafted capture file
Use after free issue in editcap could cause denial of service via crafted capture file
Use after free issue in editcap could cause denial of service via craf ...
Use after free issue in editcap could cause denial of service via crafted capture file
EPSS
5.5 Medium
CVSS3