Denial of service via Z39.50 protocol dissector crash
Summary
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service A heap buffer overflow can occur when the dissector processes malformed Z39.50 records with partial directory entries, as the pre-allocated array size is calculated using floor division and does not account for additional partial entries. An attacker could exploit this by convincing a user to open a specially crafted packet capture file, causing Wireshark to crash. This flaw requires user interaction, specifically opening a specially crafted packet capture file, limiting its immediate impact on typical server deployments. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-131. Affected Red Hat products: Red Hat Enterprise Linux 10. Red Hat does not currently list a fixing RHSA for this CVE.
Mitigation checklist
- Avoid opening capture files from untrusted sources.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.