Описание
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file
A buffer overflow vulnerability was found in Wireshark. This vulnerability is triggered when a user views a specifically malformed packet or a pcap file with such a malformed packet.
Отчет
The report makes the assumption that the active user is the root user and calculates the impact based on that assumption. It is not advised to conduct normal operations as the root user and when running as a non-root user, the impact is limited.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | wireshark | Fix deferred | ||
| Red Hat Enterprise Linux 6 | wireshark | Out of support scope | ||
| Red Hat Enterprise Linux 7 | wireshark | Out of support scope | ||
| Red Hat Enterprise Linux 8 | wireshark | Not affected | ||
| Red Hat Enterprise Linux 9 | wireshark | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.1 ...
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file
EPSS
6.1 Medium
CVSS3