7.5

CVE-2018-9259

Exploit
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version >= 2.2.0 <= 2.2.13
WiresharkWireshark Version >= 2.4.0 <= 2.4.5
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.32% 0.812
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
Third Party Advisory
Mailing List
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
Exploit
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2113179835b37549f245ac7c05ff2b96276893e4
https://www.wireshark.org/security/wnpa-sec-2018-15.html
Vendor Advisory