-------------------------------------------------------------------------
Debian LTS Advisory DLA-3313-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Tobias Frost
February 08, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : wireshark
Version        : 2.6.20-0+deb10u5
CVE ID         : CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413
                 CVE-2023-0415 CVE-2023-0417

Multiple security vulnerabilities have been discovered in Wireshark, a
network traffic analyzer. An attacker could cause a denial of service
(infinite loop or application crash) via packet injection or a crafted
capture file.

CVE-2022-4345

    Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in
    Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via
    packet injection or crafted capture file

CVE-2023-0411

    Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and
    3.6.0 to 3.6.10 and allows denial of service via packet injection or
    crafted capture file

CVE-2023-0412

    TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
    allows denial of service via packet injection or crafted capture file

CVE-2023-0413

    Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
    and allows denial of service via packet injection or crafted capture
    file

CVE-2023-0415

    iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
    and allows denial of service via packet injection or crafted capture
    file

CVE-2023-0417

    Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0
    to 3.6.10 and allows denial of service via packet injection or crafted
    capture file

For Debian 10 buster, these problems have been fixed in version
2.6.20-0+deb10u5.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3313-1: wireshark security update

February 8, 2023
Multiple security vulnerabilities have been discovered in Wireshark, a network traffic analyzer

Summary

CVE-2022-4345

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in
Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via
packet injection or crafted capture file

CVE-2023-0411

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and
3.6.0 to 3.6.10 and allows denial of service via packet injection or
crafted capture file

CVE-2023-0412

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file

CVE-2023-0413

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
and allows denial of service via packet injection or crafted capture
file

CVE-2023-0415

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
and allows denial of service via packet injection or crafted capture
file

CVE-2023-0417

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0
to 3.6.10 and allows denial of service via packet injection or crafted
capture file

For Debian 10 buster, these problems have been fixed in version
2.6.20-0+deb10u5.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : wireshark
Version : 2.6.20-0+deb10u5
CVE ID : CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved