ALAS2023-2023-120 --- wiresharkID: oval:org.secpod.oval:def:19500170 | Date: (C)2023-06-12 (M)2024-01-04 |
Class: PATCH | Family: unix |
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and ...NOTE: https://www.wireshark.org/security/wnpa-sec-2023-06.htmlNOTE: https://gitlab.com/wireshark/wireshark/-/issues/18711NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18720NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18737 TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...NOTE: https://www.wireshark.org/security/wnpa-sec-2023-03.htmlNOTE: https://gitlab.com/wireshark/wireshark/-/issues/18766 Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
Platform: |
Amazon Linux 2023 |