CVE-2024-8645

Опубликовано: 10 сент. 2024

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file

A flaw was found in Wireshark's SPRT dissector. This vulnerability allows denial of service via packet injection or a crafted capture file, leading to a crash caused by illegal memory access when G.711 RTP packets are incorrectly parsed by the SPRT dissector after a session transition.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	wireshark	Not affected
Red Hat Enterprise Linux 6	wireshark	Out of support scope
Red Hat Enterprise Linux 7	wireshark	Out of support scope
Red Hat Enterprise Linux 8	wireshark	Not affected
Red Hat Enterprise Linux 9	wireshark	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-824

https://bugzilla.redhat.com/show_bug.cgi?id=2311102wireshark: Denial of Service via SPRT Dissector Crash in Wireshark

EPSS

Процентиль: 19%

0.0006

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-8645

CVSS3: 5.5

ubuntu

больше 1 года назад

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file

CVE-2024-8645

CVSS3: 5.5

nvd

больше 1 года назад

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file

CVE-2024-8645

CVSS3: 5.5

msrc

9 месяцев назад

Access of Uninitialized Pointer in Wireshark

CVE-2024-8645

CVSS3: 5.5

debian

больше 1 года назад

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 a ...

GHSA-gr6m-q82v-j96h

CVSS3: 5.5

github

больше 1 года назад

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file

EPSS

Процентиль: 19%

0.0006

Низкий

5.5 Medium

CVSS3