CVE-2014-5165
EPSS 0.35%
描述
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.
如何修補 CVE-2014-5165
要修補 CVE-2014-5165,請將受影響套件升級到下列已修補版本。
- Debian/wireshark—升級至 1.12.0+git+4fab41a1-1 或更新版本
CVE-2014-5165 正在被利用嗎?
低 — EPSS 為 0.3%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 1.12.0+git+4fab41a1-1