Description
SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service
A flaw was found in Wireshark’s SSH dissector, caused by a missing NULL check in key exchange parameter handling. This vulnerability can trigger a segmentation fault when processing malformed SSH traffic or crafted capture files, potentially causing the application to crash and resulting in a denial of service.
Report
This issue is rated Moderate rather than Important because its impact is limited to application availability and does not allow arbitrary code execution or information disclosure. The vulnerability leads to a segmentation fault in the SSH dissector, which can crash Wireshark or TShark, but only when the user opens a malicious capture file or analyzes traffic containing malformed SSH packets. Since exploitation requires user interaction (opening the file) or the ability to inject traffic into a monitored network, and the consequence is restricted to denial of service rather than compromising confidentiality or integrity, the severity is classified as Moderate.
Mitigation
Users should avoid opening packet captures from untrusted sources and restrict analysis to known, reliable traffic. Running Wireshark with non-privileged accounts or in a sandboxed environment can also help minimize the impact of a crash.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | wireshark | Fix deferred | | |
Red Hat Enterprise Linux 6 | wireshark | Fix deferred | | |
Red Hat Enterprise Linux 7 | wireshark | Fix deferred | | |
Red Hat Enterprise Linux 8 | wireshark | Fix deferred | | |
Red Hat Enterprise Linux 9 | wireshark | Fix deferred | | |
Additional information
Status:
EPSS
5.5 Medium
CVSS3