In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wireshark wireshark |
||
opensuse leap 15.1 |
||
oracle solaris 11 |
||
oracle zfs storage appliance 8.8 |
||
debian debian linux 9.0 |