ALAS2023-2023-197 --- wiresharkID: oval:org.secpod.oval:def:19500225 | Date: (C)2024-01-04 (M)2024-01-04 |
Class: PATCH | Family: unix |
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version between 4.0.0 to 4.0.5, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process runningWireshark.NOTE: https://www.wireshark.org/security/wnpa-sec-2023-18.htmlNOTE: https://gitlab.com/wireshark/wireshark/-/issues/19085 Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. CVE-2023-0668 appears to be an instance of CWE-125.NOTE: https://www.wireshark.org/security/wnpa-sec-2023-19.htmlNOTE: https://gitlab.com/wireshark/wireshark/-/issues/19087 A vulnerability exists in wireshark version 4.0.0 to 4.0.5 which would allow a remote attacker to crash wireshark by either injecting a malformed packet onto the wire or by convincing a user to read a malformed packet trace file. Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file A vulnerability was found in wireshark versions between 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13. The attacker would need the victim to open a maliciously crafted wireshark trace file, which would cause wireshark to crash. NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
Platform: |
Amazon Linux 2023 |