Headline
CVE-2023-1992: Wireshark • wnpa-sec-2023-09 RPCoRDMA dissector crash
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
Summary
Name: RPCoRDMA dissector crash
Docid: wnpa-sec-2023-09
Date: April 12, 2023
Affected versions: 4.0.0 to 4.0.4, 3.6.0 to 3.6.12
Fixed versions: 4.0.5, 3.6.13
References:
Wireshark issue 18852.
CVE-2023-1992.
Details
Description
The RPC over RDMA dissector could crash.
Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 4.0.5, 3.6.13 or later.
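A check for the affected ranges listed above, as an added example that is not part of the advisory or of Wireshark's own code. The host names and banner strings in SAMPLES are constructed, and the check assumes upstream version numbers (distribution packages may carry a backported fix under an older version number).

```python
import re

# Ranges from the advisory: branch -> first fixed patch release.
# Every earlier patch release on these branches (x.y.0 onward) is affected.
FIRST_FIXED = {(4, 0): 5, (3, 6): 13}

# First dotted triple in a banner such as the first line of `tshark --version`.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def classify(banner):
    """Return (status, upgrade_target) for one version banner."""
    m = VERSION_RE.search(banner)
    if not m:
        return ("unparsed", None)
    major, minor, patch = (int(g) for g in m.groups())
    fixed = FIRST_FIXED.get((major, minor))
    if fixed is None:
        # Branch is not named in wnpa-sec-2023-09; the advisory says nothing about it.
        return ("not-listed", None)
    # Compare as integers: as strings, "3.6.2" sorts after "3.6.13".
    if patch < fixed:
        return ("affected", f"{major}.{minor}.{fixed}")
    return ("fixed", None)


def triage(inventory):
    """Map host -> upgrade target for every affected host in the inventory."""
    todo = {}
    for host, banner in inventory.items():
        status, target = classify(banner)
        if status == "affected":
            todo[host] = target
    return todo


# Constructed inventory: host names and banner text are sample data.
SAMPLES = {
    "analyst-01": "TShark (Wireshark) 4.0.3 (Git v4.0.3 packaged as 4.0.3-1)",
    "analyst-02": "TShark (Wireshark) 4.0.5",
    "sensor-07": "Wireshark 3.6.2",
    "sensor-08": "Wireshark 3.6.13",
    "lab-03": "Wireshark 4.2.0",
}

if __name__ == "__main__":
    for host, target in sorted(triage(SAMPLES).items()):
        print(f"{host}: upgrade to {target} or later")
```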
Related news
Gentoo Linux Security Advisory 202309-2 - Multiple vulnerabilities have been found in Wireshark, the worst of which could result in denial of service. Versions greater than or equal to 4.0.6 are affected.
Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.