Description
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
A flaw was found in Wireshark. This vulnerability allows an attacker to trigger a crash in the BLF file parser by providing a specially crafted file. Successful exploitation leads to a denial of service (DoS), making the application unavailable to legitimate users.
Report
This vulnerability is rated Moderate for Red Hat. An out-of-bounds write flaw in the Wireshark BLF file parser can lead to a denial of service. This issue requires user interaction, as an attacker would need to trick a user into opening a specially crafted BLF file.
Mitigation
To mitigate this issue, users should avoid opening or processing untrusted BLF (Binary Logging Format) files with Wireshark. Exercise caution when handling BLF files from unknown or unverified sources to prevent potential denial of service attacks.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | wireshark | Fix deferred | | |
| Red Hat Enterprise Linux 6 | wireshark | Fix deferred | | |
| Red Hat Enterprise Linux 7 | wireshark | Fix deferred | | |
| Red Hat Enterprise Linux 8 | wireshark | Fix deferred | | |
| Red Hat Enterprise Linux 9 | wireshark | Fix deferred | | |
Additional information
Status:
5.5 Medium
CVSS3
Related vulnerabilities
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 ...
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
A vulnerability in the Wireshark network traffic analyzer, related to an out-of-bounds write in memory, that allows an attacker to execute arbitrary code