In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP...
High severity
Unreviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Feb 2, 2023
Description
Published by the National Vulnerability Database
Apr 4, 2018
Published to the GitHub Advisory Database
May 13, 2022
Last updated
Feb 2, 2023
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
References