Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-9781

Опубликовано: 10 окт. 2024
Источник: redhat
CVSS3: 6.5

Описание

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

A flaw was found in the AppleTalk and RELOAD Framing dissectors of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an invalid read memory access and a denial of service.

Отчет

This vulnerability will cause a crash in Wireshark with no other security impact. For this reason, this flaw has been rated with a moderate severity. Additionally, Wireshark as shipped in Red Hat Enterprise Linux 8 and 9 is not affected by this vulnerability.

Меры по смягчению последствий

If the AppleTalk and RELOAD Framing protocol dissectors are not being used, they can be disabled via the "Enabled Protocols" dialog box in the Wireshark GUI application. This will also disable the protocol dissectors when using "tshark", the command line tool. See the links below for instructions to disable a protocol in Wireshark, specifically the "Control Protocol Dissection" section and the "disabled_protos" configuration file option. https://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html https://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7wiresharkOut of support scope
Red Hat Enterprise Linux 8wiresharkNot affected
Red Hat Enterprise Linux 9wiresharkNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-230
https://bugzilla.redhat.com/show_bug.cgi?id=2317746wireshark: Improper Handling of Missing Values in Wireshark

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-9781

CVSS3: 7.8
ubuntu
8 месяцев назад

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

nvd логотип

CVE-2024-9781

CVSS3: 7.8
nvd
8 месяцев назад

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

debian логотип

CVE-2024-9781

CVSS3: 7.8
debian
8 месяцев назад

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4. ...

suse-cvrf логотип

SUSE-SU-2024:3615-1

suse-cvrf
8 месяцев назад

Security update for wireshark

github логотип

GHSA-752v-9q7h-jp65

CVSS3: 7.8
github
8 месяцев назад

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

6.5 Medium

CVSS3