Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Packet Storm
Open in Source
#vulnerability#linux#debian#dos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Debian Security Advisory DSA-5429-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
June 15, 2023 https://www.debian.org/security/faq

Package : wireshark
CVE ID : CVE-2023-0666 CVE-2023-0668 CVE-2023-1161 CVE-2023-1992
CVE-2023-1993 CVE-2023-1994 CVE-2023-2854 CVE-2023-2855
CVE-2023-2856 CVE-2023-2857 CVE-2023-2858 CVE-2023-2879
CVE-2023-2952

Multiple vulnerabilities have been discocvered in Wireshark, a network
protocol analyzer which could result in denial of service or the
execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in
version 4.0.6-1~deb12u1.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSLUgEACgkQEMKTtsN8
Tjb1eA//ZRvTFE+TUSJE6M81F5ul/jUvJr9BXp0yrMMO2PUhD364FNFNr7rTEKqI
csL6Tn7ovBlMvp+DTczWb0A5Kvk6/VdYXo92u4sErOSu+m6d0klOX7hwQbzg7fmp
t3LwJz/eVHDIBgNY7NCGVHgWJ2OpOSPtvo78Qejd9SpXATFv/OzsPKL3rhfgoxj8
KY49mZqvPaRp3m60LSJigNhXtb14RNoyGQpYYBnsIDAkGUR+gb9Hr7PLhbMGdvJk
XeQXwZsqp2HFdxOEKdwDPABpltBUjpClycD2sMzmXhgEdcbyuAFgvVWWmLxtgIxt
3bvFXTpQ8SSePWKCZaOnrWnmtUzrkN1WKyfrlwvB3zY+H7QDO66nSuRvQ0+8dJoJ
fCKn9H14B8BqcynRJEanJzNZ13rvV5l1843Is17SbY8KmBAEGADmYckvx3d1kGDm
FGNC5tqdAmoZCuXHzfZuN5rWWdBMV3Z18QN1gpv0LdEh5hQf6fzb1M0xcuibbVh6
a6b3RTtwNQtH+BUcaD+Ma64zpjQShHJ9NyjC0F2MhJBFpWRiwvO+mgtVxmRPkFZf
x0OvOT+7koUOut1MiaKMEwbEIYZP9lCD6+WMtv2xaJW7BrCmSneVHNXH56707D7k
nfnh5Y9t0G5NT70NhOutdgokTvfjoEQln6kSG2t80nWScRyYWek=4yeF
-----END PGP SIGNATURE-----

Related news

Gentoo Linux Security Advisory 202309-02

Gentoo Linux Security Advisory 202309-2 - Multiple vulnerabilities have been found in Wireshark, the worst of which could result in denial of service. Versions greater than or equal to 4.0.6 are affected.

CVE-2023-0668: CVE-2023-0668 • Austin Hackers Academy

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

CVE-2023-0666: CVE-2023-0666 🤘 • Austin Hackers Academy

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

CVE-2023-2952: 2023/CVE-2023-2952.json · master · GitLab.org / cves · GitLab

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVE-2023-2857: Heap buffer overflow vulnerability in BLF reader (#19063) · Issues · Wireshark Foundation / wireshark · GitLab

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2858: Wireshark • wnpa-sec-2023-15 NetScaler file parser crash

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2879: Fuzz job crash output: fuzz-2023-05-13-7062.pcap (#19068) · Issues · Wireshark Foundation / wireshark · GitLab

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVE-2023-2855: 2023/CVE-2023-2855.json · master · GitLab.org / cves · GitLab

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2856: 2023/CVE-2023-2856.json · master · GitLab.org / cves · GitLab

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-1994: 2023/CVE-2023-1994.json · master · GitLab.org / cves · GitLab

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVE-2023-1992: Wireshark • wnpa-sec-2023-09 RPCoRDMA dissector crash

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVE-2023-1993: Wireshark • wnpa-sec-2023-10 LISP dissector large loop

LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVE-2023-1161: 2023/CVE-2023-1161.json · master · GitLab.org / cves · GitLab

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file

Packet Storm: Latest News

CUPS Arbitrary Command Execution
Packet Storm