Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

Debian 10 Buster DLA-3313-1 Moderate: Wireshark Denial Of Service

debian lts
Calendar Grey February 8, 2023
Dist Debian Esm H88
Several vulnerabilities in Wireshark may lead to service disruptions when malicious packets are sent. Ensure your software is updated immediately!
Multiple security vulnerabilities have been discovered in Wireshark, a network traffic analyzer

Summary

CVE-2022-4345

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in
Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via
packet injection or crafted capture file

CVE-2023-0411

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and
3.6.0 to 3.6.10 and allows denial of service via packet injection or
crafted capture file

CVE-2023-0412

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file

CVE-2023-0413

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
and allows denial of service via packet injection or crafted capture
file

CVE-2023-0415

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
and allows denial of service via packet injection or crafted capture
file

CVE-2023-0417

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0

Read the Full Advisory


Package: wireshark
Version: 2.6.20-0+deb10u5
CVE ID: CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.