Описание
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
A flaw was found in wireshark. Affected versions of wireshark allow denial of service via packet injection or crafted capture file. It may be possible to cause Wireshark to crash by injecting a malformed packet onto the wire or convincing someone to read a malformed packet trace file.
Отчет
This issue does not affect Red Hat Enterprise Linux 6, 7, 8 and 9 as the affected version of wireshark package is currently not provided in any of our supported products.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | wireshark | Not affected | ||
| Red Hat Enterprise Linux 7 | wireshark | Not affected | ||
| Red Hat Enterprise Linux 8 | wireshark | Not affected | ||
| Red Hat Enterprise Linux 9 | wireshark | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.1 ...
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
EPSS
5.5 Medium
CVSS3