A safety warning issued for Wireshark has obtained an replace from the BSI. You can examine which merchandise are affected by the safety hole right here at information.de.
Federal workplace for Security in Information Technology (BSI) reported a Wireshark safety advisory on May 13, 2024. The safety vulnerability impacts UNIX and Windows working methods in addition to Fedora Linux merchandise and open supply Wireshark. This alert was final up to date on May 22, 2024.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Fedora Security Advisory FEDORA-2024-CD1F01E5D9 (From 22 May 2024). Some helpful assets are listed later on this article.
Wireshark Security Advisory – Risk: Medium
Risk stage: 3 (average)
CVSS Base Score: 7.5
CVSS provisional rating: 6,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of pc methods. The CVSS customary makes it potential to match potential or precise safety dangers primarily based on varied metrics with the intention to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For short-term impact, body circumstances that will change over time are thought of within the take a look at. According to CVSS, the present vulnerability is assessed as “average” with 7.5 foundation factors.
Wireshark Bug: Multiple vulnerabilities allow denial of service
Wireshark is software program for recording community visitors and analyzing community protocols.
A distant, unknown attacker may exploit a number of vulnerabilities in Wireshark to carry out a denial of service assault.
Vulnerabilities are categorized utilizing the CVE (Common Vulnerabilities and Exposures) reference system utilizing particular person serial numbers. CVE-2024-4853, CVE-2024-4854 and CVE-2024-4855.
Systems affected by the Wireshark vulnerability at a look
Operating methods
UNIX, Windows
Products
Fedora Linux (cpe:/o:fedoraproject:fedora)
Open Source Wireshark Open Source Wireshark Open Source Wireshark
General suggestions for addressing IT safety gaps
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically accommodates further details about the newest model of the software program in query and the supply of safety patches or efficiency ideas.
- If you could have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to commonly examine if IT safety alert Affected producers present a brand new safety replace.
Sources for updates, patches and workarounds
Here you’ll find some hyperlinks with details about bug experiences, safety fixes and workarounds.
Fedora Security Advisory FEDORA-2024-CD1F01E5D9 vom 2024-05-22 (22.05.2024)
For extra data, see:
Fedora Security Advisory FEDORA-2024-ED93E6D44F vom 2024-05-22 (22.05.2024)
For extra data, see:
CVE Record vom 2024-05-13 (13.05.2024)
For extra data, see:
CVE Record vom 2024-05-13 (13.05.2024)
For extra data, see:
CVE Record vom 2024-05-13 (13.05.2024)
For extra data, see:
Version historical past of this safety alert
This is model 3 of this Wireshark IT safety discover. This doc shall be up to date as extra updates are introduced. You can see the modifications made utilizing the model historical past under.
May 13, 2024 – First model
05/15/2024 – References added: WNPA-SEC-2024-09
May 22, 2024 – New updates from Fedora added
+++ Editorial observe: This doc is predicated on present BSI knowledge and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll find sizzling information, present movies and a direct line to the editorial group.
kns/roj/information.de