Lucene search

K
mageiaGentoo FoundationMGASA-2024-0206
HistoryJun 03, 2024 - 9:30 p.m.

Updated wireshark packages fix security vulnerabilities

2024-06-0321:30:48
Gentoo Foundation
advisories.mageia.org
16
wireshark
security vulnerabilities
memory handling
infinite loops
use after free
editcap
unix

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

AI Score

7

Confidence

Low

EPSS

0

Percentile

16.3%

Memory handling issue in editcap could cause denial of service via crafted capture file. (CVE-2024-4853) MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file. (CVE-2024-4854) Use after free issue in editcap could cause denial of service via crafted capture file. (CVE-2024-4855)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchwireshark< 4.0.15-1wireshark-4.0.15-1.mga9

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

AI Score

7

Confidence

Low

EPSS

0

Percentile

16.3%