Description
MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service
A flaw was found in Wireshark’s MONGO dissector. When processing certain malformed MONGO packets, the dissector could enter an infinite loop, leading to unbounded CPU consumption. This issue allows an attacker to cause a denial of service by sending a specially crafted packet on the network or by convincing a user to open a malicious capture file.
Mitigation
No mitigation is currently available that meets Red Hat Product Security's standards for usability, deployment, applicability, or stability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | wireshark | Fix deferred | | |
| Red Hat Enterprise Linux 6 | wireshark | Out of support scope | | |
| Red Hat Enterprise Linux 7 | wireshark | Out of support scope | | |
| Red Hat Enterprise Linux 8 | wireshark | Out of support scope | | |
| Red Hat Enterprise Linux 9 | wireshark | Fix deferred | | |
Additional information
Status:
CVSS3: 5.5 Medium